How to understand session control in PHP

Session control is a communication method that tracks users. The use of session control is mainly based on the following points: due to the stateless nature of the http protocol, the association between two requests cannot be established through the protocol; for ordinary pages For the data transfer methods between get and post, it mainly handles the transfer of parameters and the input of data. Simple data transfer between the two pages. For multiple pages on the website of a user, a variety of different data, there may be Different permissions lead to different pages, different operation methods, etc. Using get and post is very cumbersome.

1. Cookie method

## In order to track users, users must be marked, the idea of ​​​​cookies That is, when a user visits the first page of the website, by setting the user's information identifier, the web server stores it on the user's computer in the form of text files. These files are so-called cookies and are stored in key-value pairs. , when the user visits the second page of the website, he will access the server with the information in the cookie file through the http header information, and re-verify the user information just now, thus avoiding the need to enter the user every time he visits. Information can determine whether the visits between multiple pages are by the same user.

Function to set information to cookie: setcookie($key, $value, $expire, $path, $domain, $secure).

The parameters are: key, value, expiration time (UNIX timestamp, the default is 0, which means the cookie will disappear when the browser is closed), and the path to access the cookie. After setting, the script under this path on the server can Access cookies (the default is the root directory), the domain name for accessing cookies, only the website page under the domain name (such as www.example.com) can access cookies, and enable cookies whether it is an https secure connection.

For example, after submitting a form through post, record some information

<?php    
    if(isset($_POST)){        
    $time = time();        
    setcookie(&#39;user&#39;, $_POST[&#39;user&#39;], $time+3600);  // 时间参数需要比当前时间点大，以表示cookie信息的有效时间        s
    etcookie(&#39;data&#39;, array(1,2,3), $time+1200);  // 可以存放各种数据     }
   保存cookie成功后，可直接到$_COOKIE超全局数组中以键名取得该值，非常方便，如echo $_COOKIE[&#39;user&#39;]，基本的数据类型都支持       cookie的删除仍是通过setcookie进行，最好写成将时间提前的形式，或者直接写一个键名，比如在用户点击退出时进行该项操作
　setcookie(&#39;user&#39;, &#39;&#39;, time()-200);  // 时间提前，相对当前时间 
 setcookie(&#39;user&#39;);  // 简写，只写键名

  2.session方式

Session is similar to cookie, except that the information was originally stored on the client side, but now it is stored on the server side, but an identifier is generated on the client side. id, this id is saved to the user's local cookie by default, so the session is related to the cookie. In this way, when the user visits for the first time, the information is stored in the web server, and a fixed-length string (session id) is randomly assigned to the user. When the user visits other pages in the future, he will use this id to find the corresponding user data on the server. Information, so the user can be tracked. A session that uses cookies is called a cookie-based session.

But users can set their browsers to disable cookies (although this is generally not done). Some websites will force users to enable cookies after detecting that cookies are disabled, but there is a situation like this. In this case, the cookie-based method will not work. At this time, it can be passed in the get form with a session id attached to the URL. Of course, it can also be passed through http post.

Use of session

First, use session_start() to open a session. Note that for this type of network function, there is no output allowed in front of it, even if there is a space in front of the

Then, register the session variable, that is, access user information or useful data. There is no need to use any function, just store it directly in $ _SESSION super global array, such as $_SESSION['user'] = $_POST[['user'], these data will be saved to a file on the server, or of course it may be in cache (memcache, redis).

When jumping to other pages, the session must be opened on other pages first, still using session_start(). If the session is already opened, this function returns the current session, if not, reopen it.

Finally, if the user exits or destroys the conversation for some reason, these variables must be logged out. Take it in four steps:

1.仍然是先开启会话，或者是跳转到其他页面时，再次返回已经存在的会话，需要确保前面没有输出
    session_start();   // 开启或返回一个会话
 
2.清空$_SESSION数组中的相关变量
  unset($_SESSION['robert'])  // 销毁某一个变量  $_SESSION = array();  // 或者一次性全部销毁会话变量
3.清除保存在客户端的cookie，别忘了session id还在用户计算机上面
if(
isset(
$_COOKIE[
session_name
()])){        
unset(
$_COOKIE[
session_name()]);    
//
session_name()获取sesion的名，session id也是以名和值的形式存储的
    }
4.彻底销毁存储到服务器的信息
 session_destroy();

After completing the four steps, a session ends.

3. The basic steps for using session control are as follows:

　1) Start a session

Just call the session_start() function. For the specific functions of the function, please refer to the PHP documentation. It should be noted that this function must be called at the beginning of the script using the session. If not, all the information saved in the session will not be available in the script. In addition to manually calling the session_start() function, you can also automatically configure PHP to automatically call it. You can Google it.

　2) Register a session variable

　Since PHP4.1, session variables are stored in the super global array $_SESSION. To create a session variable, you only need to set an element in the array, such as $_SESSION['myvar'] = 5;

　3) Use a session variable

It is very simple to use a session variable. Just use the $_SESSION array to access the saved session variable. For example, echo $_SESSION['mywar']; will print out 5. Before using a session, you must first use the session_start() function to start a session.

4) Unregister variables and destroy sessions

To unregister variables, just use unset, such as unset($_SESSION['myvar']). If you want to destroy all session variables at once, you can use unset ($_SESSION); When you have finished using a session, you should first unregister all variables, and then call session_destroy() to clear the session ID.

The above is the detailed content of How to understand session control in PHP. For more information, please follow other related articles on the PHP Chinese website!