In PHP, cookies and sessions are usually used for registration, login and recording user information, but there are big differences between cookies and sessions. Let’s take a look at them together.
Session Introduction: HTTP (Hypertext Transfer Protocol) defines the transmission of text, graphics, video and all over the World Wide Web (WWW)
All other data rules. HTTP is a stateless protocol, which means that the processing of each request is related to the previous or following
The request is irrelevant. Although this simplified implementation has made an outstanding contribution to the popularity of HTTP, it is not suitable for those who want to create complex
For web application developers, this is a bit confusing. In order to solve this problem, there is a method on the client
A small amount of information (cookies) is stored on the machine.
Due to cookie size limitations, quantity and other reasons, developers have proposed another solution: session will
Word processing.
one. Cookie
Applications
Set cookies: The setcookie() function can generate a cookie file on the client, and this file can be saved to
Period time, name, value, etc.
Create cookie
| The code is as follows | Copy code |
| 代码如下 | 复制代码 |
|
setcookie(‘name’,'Lee’,time()+(7*24*60*60));//设置一个过期时间为7天的cookie ?> |
|
?>
Parameter 1: cookie name
Parameter 3: cookie expiration time
View cookies
| 代码如下 | 复制代码 |
|
echo $_COOKIE['name']; ?> |
|
| The code is as follows | Copy code | ||||
echo $_COOKIE['name'];
|
|||||
| The code is as follows | Copy code |
|
setcookie(‘name’,”); setcookie(‘name’,’Lee’,time()-1); ?>
|
|
| 代码如下 | 复制代码 |
|
session_start(); $_SESSION['name'] = ‘Lee’; echo $_SESSION['name']; ?> |
|
2. Session
| 代码如下 | 复制代码 |
|
session_start(); $_SESSION['name'] = ‘Lee’; if (isset($_SESSION['name'])) { echo $_SESSION['name']; } ?> |
|
| The code is as follows | Copy code |
| session_start(); $_SESSION['name'] = 'Lee'; echo $_SESSION['name']; ?> | |
| The code is as follows | Copy code |
| session_start(); $_SESSION['name'] = 'Lee'; if (isset($_SESSION['name'])) { echo $_SESSION['name']; } ?> | |
Delete session
| 代码如下 | 复制代码 |
|
session_start(); $_SESSION['name'] = ‘Lee’; unset($_SESSION['name']); echo $_SESSION['name']; ?> |
|
Destroy all sessions
| 代码如下 | 复制代码 |
|
session_start(); $_SESSION['name'] = ‘Lee’; $_SESSION['name2'] = ‘Lee’; session_destroy(); echo $_SESSION['name']; echo $_SESSION['name2']; ?> |
|
The difference and relationship between cookie and session
•Storage location:
1. The session is stored on the server location, and session-related configurations can be configured through php.ini
2. Cookies are stored on the client (actually they can be divided into two types:
1. Persistent cookie, the time when the cookie is set, is stored on the hard disk in the form of a file,
2. Session cookie, no cookie time is set, and the life cycle of the cookie is to disappear before closing the browser. Generally, it will not be saved on the hard disk, but on the memory)
The relationship between cookie and session
Cookie sent via http header:
Cookie name=PHP%BB%B4%B1%B1; PHPSESSID=cpt2ah3pi4cu7lo69nfbfllbo7
PHPSESSID is an important parameter associated with the server session
Look at the session file again: sess_cpt2ah3pi4cu7lo69nfbfllbo7
The generation format of session_id is: sess_ plus a string of PHPSESSID values
We can understand it this way:
When the program needs to create a session for a client's request, the server first checks whether the client's request already contains a session identifier (called session id). If it does, it means that this client has been used before. Once a session is created, the server will retrieve the session and use it according to the session id (if it cannot be retrieved, it will create a new one). If the client request does not include the session id, a session will be created for the client and a session will be generated associated with this session. The session id, the value of the session id should be a string that is neither repeated nor easy to find patterns to counterfeit. This session id will be returned to the client in this response for storage. The method of saving this session ID can use cookies, so that during the interaction process, the browser can automatically send this identification to the server according to the rules. Generally, the name of this cookie is similar to SEEESIONID
Configuration related to session and cookie in php.ini
1,session.use_cookie = 1
Whether to use the Cookie method to pass the session id value. The default is 1, which means enabled.
2,session.name = PHPSESSID
Whether the cookie passes sessioin_id or the GET method passes session_id, the key value needs to be used. Their formats are Cookie: sess_name=session_id; and /path.php?sess_name=session_id, where sess_name is specified here.
3,session.use_only_cookies = 0
Indicates that only the session id is passed using the Cookie method. We have said that in addition to cookies, there is also the GET method for passing cookies. The GET method is an unsafe method. When cookies are disabled on the user side, the GET method will be used to pass the session_id. You can use this setting to pass the session_id using the GET method.
4. session.cookie_lifetime = 0, session.cookie_path = / and session.cookie_domain =
If you use the Cookie method to pass session_id, the cookie valid domain, directory and time are specified here. Corresponding to the formal parameters $expire, $path and $domain of the setcookie() function respectively. Among them, cookie_lifetime=0 means that the cookie will not be deleted until the browser is closed. These values can also be modified using the session_set_cookie_params() function.
5,session_name([string $name])
Get or update session_name. If name is passed, it means that the default name PHPSESSID (specified by session.name) is not used, otherwise the current session_name is obtained. Note: If session_name is set, it must be called before session_start() to take effect.
6,session_id([string $id])
Similar to session_name(), but it is a method to read or set session_id. Similarly, if session_id is set, it must be called before session_start() to be effective.
7, session_set_cookie_params() and session_get_cookie_params()
The three php.ini settings of session.cookie_lifetime, session.cookie_path and session.cookie_domain can be reset through session_set_cookie_params(). Session_get_cookie_params() obtains the values of these settings.
Here I made a table to summarize their differences and similarities:
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
