PHP session files are usually stored in the /tmp directory, which every user on the machine can read. This is very scary: session files are named after the session ID, so anyone who can list that directory can learn the IDs of live sessions. Someone once stole accounts through sessions on the school forum! So I later tried storing the sessions in a database instead. The table structure and the handler code are as follows:
//Create table
//create sesslib.sql
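-- Session store queried by the sess_* handlers in XX.php (one row per session ID).
CREATE TABLE sesslib (
  -- Session data; sess_read selects this column by sid.
  data text,
  -- Timestamp for the row; the code that writes or compares it is outside this excerpt.
  time datetime,
  -- AUTO_INCREMENT supplies the value. The original DEFAULT '0' is dropped because
  -- current MySQL versions reject a default on an auto-increment column.
  id int(11) NOT NULL auto_increment,
  -- Session ID as sent by the client. 32 characters fits PHP's classic 32-character
  -- IDs; if the site is configured to issue longer IDs, widen this column so that
  -- distinct IDs are never truncated to the same stored value.
  sid varchar(32) NOT NULL,
  PRIMARY KEY (id),
  -- At most one row per session ID.
  UNIQUE sid (sid)
) ;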
//End
//XX.php replaces PHP's default session storage with the database. Any page that needs sessions includes it before calling session_start(), like this:
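// Load the database-backed session handler before starting the session.
// require_once (rather than include) stops the request if XX.php cannot be loaded;
// with include the failure is only a warning, and session_start() would carry on
// with whatever session.save_handler is configured (file storage by default),
// which is exactly what this setup is meant to avoid.
// XX.php is expected to register the sess_* callbacks; that call is not shown here.
require_once "XX.php";
session_start();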
//You can use the session normally after this
?>
/******************************************************/
XX.php content:
/****************************************************/
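// Database link shared by the sess_* callbacks; sess_open() assigns it.
$sess_dbh = "";
// Session lifetime in seconds. ini_get() returns the value in effect for this
// request (including ini_set() and per-directory overrides), whereas get_cfg_var()
// only reports what php.ini contains and yields false when the directive is absent
// there. The code that consumes this value is outside this excerpt.
$sess_maxlifetime = ini_get("session.gc_maxlifetime");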
/**
 * Connects to MySQL and selects the database that holds the sesslib table.
 *
 * Intended as the "open" callback of a custom session handler; the registration
 * call is not visible in this part of the file.
 *
 * Review notes:
 *  - Host, user, password and database name are literals ('localhost', 'test',
 *    'test', 'test'). The globals $hostname, $dbusername, $dbpassword and $dbname
 *    are declared but never read. Credentials committed in a web-served source
 *    file are exposed to anyone who can read that file; load them from
 *    configuration kept outside the document root.
 *  - The mysql_* extension was removed in PHP 7.0. Porting to mysqli or PDO has
 *    to be done for every sess_* callback together, because they share $sess_dbh.
 *  - A failed connect or select terminates the whole request through die().
 *
 * @param string $save_path    Not used.
 * @param string $session_name Not used.
 * @return bool Always true; failures never return.
 */
function sess_open($save_path, $session_name) {
    global $hostname, $dbusername, $dbpassword, $dbname, $sess_dbh;

    // Persistent link: it may be reused by later requests served by the same process.
    $sess_dbh = mysql_pconnect('localhost', 'test', 'test');
    if (!$sess_dbh) {
        die("Cannot connect to database!");
    }

    // No link argument is passed, so the most recently opened link is used.
    if (!mysql_select_db('test')) {
        die("Cannot select database!");
    }

    return true;
}
/**
 * Session "close" step: releases nothing and simply reports success.
 *
 * The link in $sess_dbh is opened with mysql_pconnect(), and mysql_close() does
 * not close persistent links, so no close call is made here.
 *
 * @return bool Always true.
 */
function sess_close() {
    return true;
}
function sess_read($sid) {
global $sess_dbh;
$result = mysql_query("select data from sesslib where sid='$sid'", $sess_dbh);