Parsing the usage of php session_set_save_handler function (mysql)_PHP tutorial
WBOY
Release: 2016-07-21 15:02:29
Original
897 people have browsed it
Copy code The code is as follows:
/*==============================File description===== =================================== @filename: session.class.php @ description: The database saves online user sessions to implement online user functions! @notice: The session expiration time is one hour because our site uses cookies (valid time is 1 hour) to log in. Therefore, we only record the time when the user logs in, instead of refreshing and updating once. sessions field:sessionid(char32),uid(int10),last_visit(int10) ============================== =============================================== */ class session { private $db; private $lasttime=3600;//Timeout: one hour function session(&$db) { $this-> db = &$db; session_module_name('user'); //session file saving method, this is a must!Unless is set in the Php.ini file session_set_save_handler( , //Executed when the script execution is completed or session_write_close() or session_destroy() is called, that is, it is executed after all session operations are completed Executed when session_start, because the current session data will be read when session_start. (&$this, 'destroy'), //Execute when running session_destroy() array(&$this, 'gc') //The execution probability is determined by the values of session.gc_probability and session.gc_divisor, and the timing is After open, read, session_start will execute open, read and gc one after another unserializes($data_value) { data_value, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE $result[$vars[$ i++]] = unserialize($vars[$i]); ; > } function close() { $this->gc($this->lasttime); return true; } function read($SessionKey){ $sql = "SELECT uid FROM sessions WHERE session_id = '".$SessionKey."' limit 1"; $row=$this->db->fetch_array($query)){ > } function write($SessionKey,$VArray) { require_once(MRoot.DIR_WS_CLASSES .'db_mysql_class.php'); $db1=new DbCom(); // make a connection to the database... now $db1->connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD, DB_DATABASE); $db1->query("set names utf8"); $this->db=$db1; $SessionArray = addslashes($VArray); $data=$this->unserializes($VArray); $sql0 = "SELECT uid FROM sessions WHERE session_id = '".$SessionKey."' limit 1"; $query0 =$this->db->query($sql0); if($this->db->num_rows($query0)<=0){ if (isset($data['webid']) && !empty($data['webid'])) { $this->db->query("insert into `sessions` set `session_id` = '$SessionKey',uid='".$data['webid']."',last_visit='".time()."'"); } return true; }else{ /*$sql = "update `sessions` set "; if(isset($data['webid'])){ $sql .= "uid = '".$data['webid']."', " ; } $sql.="`last_visit` = null " . "where `session_id` = '$SessionKey'"; $this->db->query($sql); */ return true; } } function destroy($SessionKey) { $this->db->query("delete from `sessions` where `session_id` = '$SessionKey'"); return true; } function gc($lifetime) { $this->db->query("delete from `sessions` where unix_timestamp(now()) -`last_visit` > '".$this->lasttime."'"); return true; } } ?>
session.cookie_domain = Pass the cookie scope of the session ID. The default is empty to indicate the host name generated according to the cookie specification.
session.cookie_secure = Off Whether to only send cookies through secure connections (https).
session.cookie_httponly = Off Whether to add the httpOnly flag in the cookie (only HTTP protocol access is allowed), This will cause client scripts (JavaScript, etc.) to be unable to access the cookie. Turning on this command can effectively prevent session ID hijacking through XSS attacks.
session.cache_limiter = "nocache" Set to {nocache|private|public} to specify the cache control mode of the session page, or set to empty to prevent HTTP response headers Send the command to disable caching.
session.cache_expire = 180 Specifies the validity period (minutes) of the session page in the client cache When session.cache_limiter=nocache, this setting is invalid.
session.use_trans_sid = Off Whether to use clear code to display SID (session ID) in the URL. It is prohibited by default because it will bring security risks to your users: 1- Users may tell other people the URL containing a valid sid through email/irc/QQ/MSN.... 2- URLs containing valid sids may be saved on public computers. 3- Users may save URLs with fixed sids in their favorites or browsing history. URL-based session management always carries more risks than cookie-based session management and should be disabled.
session.bug_compat_42 = On session.bug_compat_warn = On Versions before PHP4.2 have an unspecified "BUG": Even when register_globals=Off It is also allowed to initialize global session variables. If you use this feature in versions after PHP 4.3, a warning will be displayed. It is recommended to close this "BUG" and display a warning.
session.hash_function = 0 Hash algorithm for generating SID. SHA-1 is more secure 0: MD5 (128 bits) 1: SHA-1 (160 bits) It is recommended to use SHA-1.
session.hash_bits_per_character = 4 Specifies how many bits are saved in each character in the SID string. These binary numbers are the results of the hash function. 4: 0-9, a-f 5: 0-9, a-v 6: 0-9, a-z, A-Z, "-", "," The recommended value is 5
url_rewriter.tags = "a=href,area=href,frame=src,form=,fieldset=" This command belongs to the core part of PHP and does not belong to the Session module. Specify which HTML tags to rewrite to include SID (only valid when session.use_trans_sid=On) Form and fieldset are special: If you include them, URL rewriter A hidden "" will be added, which contains additional information that should be appended to the URL. If you want to comply with XHTML standards, please remove the form item and add
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
