This article mainly introduces the detailed explanation of the method of using session-cookie in PHP and codeigniter. Interested friends can refer to it. I hope it will be helpful to everyone.
1. Read and write cookies
##<1>Native
setcookie('name','value',time)
<2>CI Framework
$this->input->set_cookie("views","test10",1000); echo $_COOKIE["views"];//此方法获取值时,如果值不存在会报错,当然可以先用isset($_COOKIE["views"])判断一下
<3>By helper
$this->load->helper('cookie');//这行放在view也是可以的,随便 set_cookie('views','test10',1000); echo get_cookie('views');//此方法获取值如果获取不到,会返回空,不会报错
2. Read and write session
##<1>Native session
Startup:<?php session_start(); ?>
##Assignment:
$_SESSION['views'] = "test20";
Value:
echo "Session:". $_SESSION['views'];
Duration:
Session. When the browser is closed, the phpsession in the cookie will be cleared, and a
will be regenerated next time it is opened, although the server still saves the session. The expiration time of the session is set in php.ini, see another articlephp (codeigniter) security considerations
<2>CI framework session
Startup:
$this->load->library('session');//load必须在controller完成,当要使用session必须先load赋值: $this->session->views = "test11";
Value:
echo "Session:". $_SESSION['views'];
Duration:
The client has a duration of 2 hours, when the server's session is deleted , because the client's session id is still valid, so when it is opened again, the server will create a session with the same session id as the client's. Of course, it does not matter whether to create a new id or an old id, because only the id has the same name. There is no data
<3>Difference>The two session names are different, one is called phpsession and the other is called ci_session
>Only one can be started, not both.>The values are the same.>Do not mix the two, and you should give up the native altogether. The way>The native phpsession can be accessed casually, and ci_session is httponly, which means that the native session may be attacked through xxs, and the cookie can be obtained through js<4>ExceptionsThere is a situation like this:
At this time Ci_session already exists, because this ci_ is persistent
//session_start();//没有启动原生的session //$this->load->library('session');//没有启动ci的session $_SESSION['views'] = "test23";//直接用原生的方式进行赋值 echo "Session:". $_SESSION['views'];//可以正常取值出来"test23"
The operation of cookies is relatively easy to understand. It is written to the user cookie, and whatever is written is read out. As long as it is a cookie on this site, it can be read out by key value.
The value of session exists on the server, but how do you know which user this value belongs to? By storing the session file name in the user cookie, the saved value is placed in a file with the same name on the server. Stealing cookies refers to stealing this. Important information is stored on the server, but if it is stolen, it will be over. Therefore, the session-key stored in the cookie cannot be trusted, and authentication should be performed. Note,When writing the session, writing the session-key to the user's cookie is automatically completed. This duration should be in the server's php Configured in .ini. The above is the entire content of this article, I hope it will be helpful to everyone's study.
Related recommendations:
Solutions to MySQL high concurrency locking transaction processing issues
Using file_get_contents to send http request function is simple PHP Implemented Monkey King Algorithm (monkey chooses the king) ##
The above is the detailed content of Detailed explanation of how to use session-cookie in php and codeigniter. For more information, please follow other related articles on the PHP Chinese website!