The idea of session control is to be able to track users within a website based on a session. 1 cookie 1.1 What is cookie

Set-Cookie: NAME = VALUE; [expires = DATE;] [path = PATH;] [domain = DOMAIN_NAME;] [secure]

: If the expiration date is not set, the cookie will be valid forever unless it is deleted manually). The path and domain fields together specify the URL or URL associated with the cookie. The secure keyword means that cookies are not sent in ordinary HTTP links. 1.2 Setting cookies via PHP Use the setcookie() function to manually set cookies in PHP. The function prototype is as follows:

bool setcookie(string name [, string value [, int expire [, string path [, string domain [, int secure]]]]])

: The cookie header must be , otherwise it will be invalid (this is a cookie limitation, not a PHP limitation). 1.3 Using cookies in sessions 1.4 Storing session ID 2 Implement simple conversation 2.1 Start a session 2.2 Register a session variable 2.3 Using session variables 2.4 Unregister variables and destroy sessions ID. 3 A simple session (example) auto-main.php

session_start(); if(isset ($_POST['userid' ]) && isset($_POST['password'])){       $userid = $_POST[ 'userid'];       $password = $_POST[ 'password'];              $db_conn = new mysqli('localhost' , 'root' , '' , 'test' );              if(mysqli_connect_error()){              echo "Connection to database failed:" . mysqli_connect_errno();              exit();       }              $query = "select * from authorized_users" . " where name = '$userid'" . "and password = ' $password'" ;       $result = $db_conn -> query($query);              if($result -> num_rows > 0){             $_SESSION[ 'valid_user'] = $userid;       }       $db_conn -> close(); } ?> <html>       <body >              <h1 >Home Page h1 >                                  if( isset($_SESSION[ 'valid_user'])){                          echo 'You are logged in as: ' . $_SESSION['valid_user'] . '
' ;                          echo 'Log out
';                   } else {                          if( isset($userid)){ //失败                                echo 'Could not log you in.
';                         } else {                                echo 'You are not logged in.
';                         }                   }                                       echo '

Userid:
Password:

; ?> <br /> <a href ="members-only.php"> Members section a> body > html>

3.2 members_only.php

session_start(); echo "

Members only

"; if(isset ($_SESSION['valid_user' ])){ echo "

You are logged in as " . $_SESSION['valid_user' ] . "

"; echo "

Member only content goes here

" ; } else { echo "

You are not logged in.

" ; } echo "Back to main page

"; ?>

<🎜> <🎜>session_start();<🎜><🎜> <🎜> <🎜><🎜> <🎜>echo<🎜><🎜><🎜> <🎜>"
Members only
"; if(isset ($_SESSION['valid_user' ])){       echo "
You are logged in as " . $_SESSION['valid_user' ] . "
";       echo "
Member only content goes here
" ; } else {       echo "
You are not logged in.
" ; } echo "Back to main page
"; ?> 3.3 logout.php

session_start(); $old_user = $_SESSION['valid_user']; unset($old_user); session_destroy(); ?> <html>       <body >              <h1 >Log out h1 >                                  if(! empty($old_user)){                          echo 'Logged out.
';                   } else {                          echo 'You were not logged in, and so have not been logged out.
';                   }              ?>              <a href ="auto-main.php"> Back to main page a>       body > html>

session_start(); $old_user = $_SESSION['valid_user']; unset($old_user); session_destroy(); ?> <<🎜><🎜>html<🎜><🎜>>       <<🎜><🎜>body<🎜><🎜> >              <<🎜><🎜>h1<🎜><🎜> >Log out <🎜>h1<🎜><🎜> >                                 if(! empty($old_user)){                          echo 'Logged out.
';                   } else {                          echo 'You were not logged in, and so have not been logged out.
';                   }              ?>              <<🎜><🎜>a<🎜><🎜> href<🎜><🎜> =<🎜><🎜>"auto-main.php"<🎜><🎜>> Back to main page<🎜> a<🎜><🎜>>       <🎜>body<🎜><🎜> > <🎜>html<🎜><🎜>>

4 session 4.1 PHP functions or events that affect session data

session_start() Initialize session, the beginning of the life cycle.

Session initialization operation declares a global array $_SESSION to map the session data stored in memory. If the session file already exists and session data is saved, session_start() will read the session data, fill it in $_SESSION, and start a new session life cycle. (2) $_SESSION During the session life cycle, use the global variable name to register the global variable into the current session. The so-called registration is to fill in the variable in $_SESSION, and the value is NULL. It does not perform any IO operations on the session file, it only affects the $_SESSION variable. Note that the correct way to write it is session_register(‘varname’), not session_register($varname) (4) session_unregister() It is exactly the opposite of the session_register operation, that is, during the session life cycle, the specified variable is unregistered from the current session. It also only affects $_SESSION and does not perform any IO operations. (5) session_unset() During the session life cycle, log out all session data from the current session and make $_SESSION an empty array. The difference between it and unset($_SESSION) is that unset directly deletes the $_SESSION variable and releases memory resources; another difference is that session_unset() can only operate the $_SESSION array during the session life cycle, while unset() operates on the entire page ( page) life cycle can operate the $_SESSION array. session_unset() also does not perform any IO operations and only affects the $_SESSION array. (6) session_destroy() If session_start() initializes a session, it will log out a session. It means that the session life cycle is over. After the session life cycle is completed, session_register, session_unset, session_register will not be able to operate the $_SESSION array, but the $_SESSION array can still be operated by functions such as unset(). At this time, the session means is undefined, and $_SESSION is still a global variable, and they are out of the mapping relationship. Log out the session through session_destroy(). In addition to ending the session life cycle, it will also delete the session file but will not affect the current $_SESSION variable. That is, it will generate an IO operation. (7) session_regenerate_id() Calling it will reassign a new session id to the current user. And when the current page life cycle ends, the current session data is written to the session file. The premise is that the current session life cycle has not been terminated before calling this function (refer to point 9). It will generate an IO operation and create a new session file. The new session file is created before the session ends, instead of calling this function to create a new session file immediately. (8) session_commit() The session_commit() function is an alias of the session_write_close() function. It will end the life cycle of the current session and force the session data to be written to the session file immediately. It is not recommended to manually write session data through session_commit(), because PHP will automatically end the current unterminated session life cycle when the page life cycle ends. It will generate an IO write operation (9) end session End the session. The default is before the end of the page life cycle. PHP will automatically end the current unterminated session. However, you can also end the session early through the session_commit() and session_destroy() functions. No matter which method is used, ending the session will generate IO operations, which are different. By default, an IO write operation is generated to write the current session data back to the session file. session_commit() generates an IO write operation at the moment the function is called, writing the session data back to the session file. The difference with session_destroy() is that it does not write data back to the session file, but directly deletes the current session file. Interestingly, neither session_commit() nor session_destroy() will clear the $_SESSION array, let alone delete the $_SESSION array. However, all session_* functions can no longer operate session data because the current session life cycle has terminated. That is, an undefined object cannot be operated on. 4.2Summary 1. When the user logs out of the web application system, the best calling methods are session_unset(); session_destroy(); unset($_SESSION); 2. Try to fill in $_SESSION with keys and values, and session_register() is not recommended.Likewise, try to use unset($_SESSION[‘var’]) instead of session_unregister(). 3. For WEB applications that may generate a large number of sessions, the recommended format of session.save_path is session.save_path="N:/path". Note: These directories need to be created manually and have write permissions owned by the httpd daemon. Do this for better performance 4, if session_regenerate_id() is called to assign a new session id to the user. This function does not actively delete old session files. Old session files need to be cleaned regularly, which is more optimized. 5. Try not to use session_commit() to submit sessioin data, because it will also end the current session. PHP will submit session data to the session file by default during the page life cycle After all, session only exists to manage user status information. We have discussed the meaning of session id: each visiting user will be assigned a unique session id, which is used to distinguish the session data of other users. In other words, session id is an identification of the user, just like an admission ticket. Once a user is assigned a session id, each visit (http request) will carry this session id to the server for loading the user's session data. So, how to pass it to the server? This is what we discuss in this section. The web communication protocol between the client and the server is http. The three commonly used methods for PHP to obtain user data through http are: POST method, GET method and Cookie. The default delivery method of PHP is Cookie, which is also the best method. Only when the client does not support cookies (the browser has disabled the cookie function) will the session_id be passed through the GET method, that is, the session id will be passed in the query_string part of the URL. After determining the transfer method, we still need to understand the session id transfer process. The user accesses the web page through the browser, enters the URL into the address bar and presses Enter. The browser sends a request. Before calling sockect send, the browser engine will search for valid Cookies records encapsulated in the Cookie field of the http request header and send them out together. After the server receives the request, it is handed over to PHP for processing. At this time, if the session initialization function does not find the value stored with session_name() as the key value in $_COOKIE (the value is session id), it will think that the user is accessing the web for the first time. As a user visiting for the first time, the session initialization function will always randomly generate a session_id and fill the newly generated session_id into the http response header Set-Cookie field in the format of "sesseson_name = session_id" through the setcookie() function call and send it to the client. end (in this way, in subsequent requests, the Cookie field in the HTTP request header will carry the Cookie record to the web server). If the initialization function finds that $_COOKIE[‘sess_name’] has been defined in the user-side cookies, it will load the session file corresponding to $_COOKIE[‘sess_name’] ($_COOKIE[‘sess_name’] is the session ID). If the user's cookie record expires, it will be deleted by the browser. For the next request after that, the server will think that it is the user's first visit again, and so on. 4.4 Session Recycling 4.5 Summary 1, PHP uses Cookie method to pass session id. Try not to use the GET method to pass the session id, because it is very unsafe. 2. You can delete the cookie record of the client's session id through the setcookie() method. 3. The PHP GC process is started by session initialization. But not every user request will be started, its startup probability is 1/1000 by default. Websites that are visited too frequently and websites with large concurrency can reduce the startup frequency of PHP GC. PHP GC recycling session will reduce the execution efficiency of PHP. Reference: