In-depth understanding of PHP's Session mechanism

Today I was reading Brother Niao’s article on how to set a session that expires strictly in 30 minutes
I became interested in the session mechanism of php, and I found some information on the Internet to study it.

The php session management system supports many configuration options, which can be set in your own php.ini file
In the configuration of session in php.ini, session.save_handler defines the name of the processor to store and obtain data associated with the session. The default is files. It should be noted that individual extensions can register their own save_handlers; registered processing The program is available on a per-installation basis by referencing phpinfo(). See session_set_save_handler().
There are two ways to handle sessions in PHP configuration, one is the default files, and the other is user-defined.
1. session.save_handler=files
1. session_start()
1.1 session_start() is the beginning of the session mechanism. It has a certain probability of starting garbage collection. Because the session is stored in a file, PHP's own garbage collection is invalid for the SESSION session. SESSION recycling requires deleting the file. This probability is Determined according to the configuration of php.ini (session.save_path).
Some systems have session.gc_probability = 0, which means the probability is 0, and garbage collection is implemented through cron scripts.

<code>            session<span>.gc</span>_probability = <span>1</span>
            session<span>.gc</span>_divisor = <span>100</span>
            session<span>.gc</span>_maxlifetime = <span>1440</span>//过期时间 默认<span>24</span>分钟
            //概率是 session<span>.gc</span>_probability/session<span>.gc</span>_divisor 结果 <span>1</span>/<span>100</span>, 
            //不建议设置过小，因为session的垃圾回收，是需要检查每个文件是否过期的。
            session<span>.save</span>_path = //好像不同的系统默认不一样，有一种设置是 <span>"N;/path"</span>
            //这是随机分级存储，这个样的话，垃圾回收将不起作用，需要自己写脚本</code>

1.2 Session will determine whether there is currently $_COOKIE[session_name()]; session_name() returns the COOKIE key value that saves session_id. This value can be found from php.ini

<code><span>session.name </span>=<span> PHPSESSID //默认值PHPSESSID</span></code>

1.3 If it does not exist, a session_id will be generated, and then Pass the generated session_id to the client as the COOKIE value. It is equivalent to executing the following COOKIE operation. Note that this step executes the setcookie() operation. The COOKIE is sent in the header. There cannot be output before this. PHP has another function session_regenerate_id(). If you use this function , there can be no output before this.

<code>    setcookie(session_name(),
              session_id(),
              session.cookie_lifetime,<span>//</span>默认<span>0</span>
              session.cookie_path,<span>//</span>默认<span>'/'</span>当前程序跟目录下都有效
              session.cookie_domain,<span>//</span>默认为空
              )</code>

1.4 If exists then session_id = $_COOKIE[session_name];
Then go to the folder specified by session.save_path to find the file named 'SESS_'. session_id().
Read the content of the file, deserialize it, and put it into the $_SESSION global variable
2. Assign value to $
_SESSION For example, if you add a new value $_SESSION['test']= 'test'; then this $_SESSION will only be maintained in the content. When the script execution ends, the value of $_SESSION will be written to the session_id specified folder, and then close the related resources. At this stage, it is possible to perform an operation to change the session_id.
For example, destroy an old session_id and generate a new session_id. Half of it is used for custom session operations and role conversion. For example, Drupal. An anonymous user of Drupal has a SESSION. When it logs in, it needs to use a new session_id.

<code>if (<span>isset($_COOKIE[<span>session_name()</span>])</span>) {
          <span>setcookie(<span>session_name()</span>, <span>''</span>, <span>time()</span> - <span>42000</span>, <span>'/'</span>)</span>;<span>//旧session cookie过期</span>
        }
        <span>session_regenerate_id()</span>;<span>//这一步会生成新的session_id</span><span>//session_id()返回的是新的值</span></code>

3. Write SESSION operation
At the end of the script, the SESSION write operation will be performed, and the value in $_SESSION will be written to the file named by session_id. It may already exist, and a new file may need to be created.
4. Destroy SESSION
The COOKIE sent by SESSION is generally an instant COOKIE and is stored in memory. It will expire when the browser is closed. If you need to force the expiration manually, such as logging out instead of closing the browser, then you need to destroy the SESSION in the code. There are many ways.
4.1 setcookie(session_name(), session_id(), time() - 8000000, ..);//Execute before logging out
4.2 usset($_SESSION);//This will delete all $_SESSION data. After refreshing, COOKIE is passed, but there is no data.
4.3 session_destroy();//This function is more thorough, delete $_SESSION, delete the session file, and session_id
When refreshing again without closing the browser, COOKIE will be sent to 2 and 3, but the data cannot be found

2. session.save_handler=user
In the PHP manual, there is session_set_save_handler to set a user-defined session storage function. If you want to use a method other than PHP's built-in session storage mechanism, you can use this function. For example, you can customize the session storage function to store session data in a database.
For details, please check the PHP manual http://php.net/manual/zh/function.session-set-save-handler.php

The above has introduced an in-depth understanding of PHP's Session mechanism, including aspects of it. I hope it will be helpful to friends who are interested in PHP tutorials.