WeChat obtains multiple global access_token conflicts, resulting in invalidity? (Solution)

Token expires in 7200 seconds by default. If a second place also requests the same token, the first token will expire within 5 minutes. In other words, if the time is too short during my second request, it will cause a conflict.
I just learned WeChat development and my code writing is not perfect. I only passed the judgment of whether the lifetime is greater than 7200. I saw someone saying that it can judge the reading every minute. I wonder if you have any optimization suggestions for my code? Thank you

<code>function getWxAccessToken(){
    if ( $_SESSION['access_token'] && $_SESSION['expire_time'] > time() ) {
        //未过期
        return $_SESSION['access_token'];
    }else {
        $appid        = "wx3bbf9ae731a6eb07";
        $appsecret = "2b14a75fa48825ef3c76c8949b5e030f";
        $url          = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=".$appid."&secret=".$appsecret;
        $res =$this->https_request($url,'get','json');
        $access_token = $res["access_token"];
        //将重新获取到的access_token存到session里
        $_SESSION['access_token']=$access_token;
        $_SESSION['expire_time']=time()+7200;
        return $access_token; 
    }
}
</code>

---

The conflict is a method under the same controller, and each call uses

<code>    $access_token=$this->getWxAccessToken();
</code>

The error message is as follows

<code>array(2) {
  ["errcode"] => int(40001)
  ["errmsg"] => string(81) "invalid credential, access_token is invalid or not latest hint: [pd4MfA0688vr40!]"
}
</code>

---

I saw what the official said
The official meaning of 0.0 is not to use business logic points to refresh the token. What I wrote seems to be using business logic to refresh the token. What does it mean to use a third-party central control?

---

Put the absolute path of the method in the QR code generator and scan it. This debugging result feels more correct than direct access through the browser.
In most cases, if the browser reports 40001 when opening it, basically the program is fine

Reply content:

Token expires in 7200 seconds by default. If a second place also requests the same token, the first token will expire within 5 minutes. In other words, if the time is too short during my second request, it will cause a conflict.
I just learned WeChat development and my code writing is not perfect. I only passed the judgment of whether the lifetime is greater than 7200. I saw someone saying that it can judge the reading every minute. I wonder if you have any optimization suggestions for my code? Thank you

<code>function getWxAccessToken(){
    if ( $_SESSION['access_token'] && $_SESSION['expire_time'] > time() ) {
        //未过期
        return $_SESSION['access_token'];
    }else {
        $appid        = "wx3bbf9ae731a6eb07";
        $appsecret = "2b14a75fa48825ef3c76c8949b5e030f";
        $url          = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=".$appid."&secret=".$appsecret;
        $res =$this->https_request($url,'get','json');
        $access_token = $res["access_token"];
        //将重新获取到的access_token存到session里
        $_SESSION['access_token']=$access_token;
        $_SESSION['expire_time']=time()+7200;
        return $access_token; 
    }
}
</code>

---

The conflict is a method under the same controller, and each call uses

<code>    $access_token=$this->getWxAccessToken();
</code>

The error message is as follows

<code>array(2) {
  ["errcode"] => int(40001)
  ["errmsg"] => string(81) "invalid credential, access_token is invalid or not latest hint: [pd4MfA0688vr40!]"
}
</code>

---

I saw what the official said
The official meaning of 0.0 is not to use business logic points to refresh the token. What I wrote seems to be using business logic to refresh the token. What does it mean to use a third-party central control?

---

Put the absolute path of the method in the QR code generator and scan it. This debugging result feels more correct than direct access through the browser.
In most cases, if the browser reports 40001 when opening it, basically the program is fine

It is recommended to store access_token in the database, so that all businesses use the same token, so that each business logic point does not request access_token independently;
The official document means that if the business logic is on multiple servers, Since access_token and expire_time are stored in the session, the session will not be shared between servers, which will cause the business on each server to initiate a request. If the access_token on one of the servers has not expired, and the other server re-requests the access_token , making the access_token on the first server invalid, and then using the expired access_token to request services, resulting in unstable services. Use the central control server to store the access_token, so that unified services will not cause conflicts between businesses and ensure data consistency. Sex

Access_token is common to all calls. There is no need to put the session. Everyone's session is different. It is usually placed in the cache, otherwise you can just put it in the database.

Every time you use it, go to the database. If it is within the validity period, use it directly. If it is invalid, retrieve it again and insert it into the database.

Session is based on users, so you can refresh it once each user visits.

It is recommended to put it in the cache or database and refresh it regularly.