CodeIgniter configuration SESSION usage example analysis

Jul 12, 2016 am 09:00 AM
codeigniter session Configuration

This article describes SESSION usage in the CodeIgniter configuration, shared here for reference. The details are as follows:

When I first started using CodeIgniter, I was confused by its SESSION. Later, I never used the SESSION that comes with CI. I think it is still necessary to sort out the SESSION.

To understand SESSION in CI, let's first look at how SESSION works in PHP. Because the HTTP protocol itself is stateless, retaining a user's access state requires the client to pass a unique identifier to the server. This identifier is the SESSION ID, which is stored in the client's COOKIE. The server uses it to read the stored user state, which is how session state is preserved. To start a session in PHP, execute the following statement:

session_start();

1. Every time the client makes a request, some information will be stored in the HTTP header and sent to the server. Take the user’s first visit as an example:
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:zh-CN,zh;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Host:s.local
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36

2. The server receives and processes the request and returns a response to the client. It adds a Set-Cookie header to the HTTP response, telling the browser that a COOKIE needs to be set. The COOKIE name is PHPSESSID and the value is r887k5n4scg32d4ba34huuhmq7:
Response Headers
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html
Date:Sun, 08 Dec 2013 12:56:56 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive:timeout=5, max=100
Pragma:no-cache
Server:Apache/2.2.11 (Win32) PHP/5.4.7
Set-Cookie:PHPSESSID=r887k5n4scg32d4ba34huuhmq7; path=/
X-Powered-By:PHP/5.4.7

3. When the client visits a page of the website again, the browser sends the COOKIE to the server. The server reads the SESSION file stored on the server based on the value of the COOKIE and gets the session information:
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:zh-CN,zh;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:PHPSESSID=r887k5n4scg32d4ba34huuhmq7
Host:s.local
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63

This is how session state is preserved. But consider what happens if someone else obtains the SESSION ID of logged-in user A. By the logic above, if that SESSION ID is sent to the server with a request, the server reads the file for that SESSION ID, finds that it exists, and concludes that the requester is user A. The requester thereby takes on user A's status and may be able to perform sensitive operations. Within the validity period of the session, therefore, obtaining the SESSION ID means obtaining the user's authorization, which is relatively dangerous. Taking a local management system as an example, after logging in through Chrome you can see the client COOKIE, as shown below:

If the SESSION ID is obtained by some means, the same COOKIE can be sent to simulate the login. A COOKIE can be added in Firefox: open Firebug, create a new cookie under Cookies, confirm, and refresh the page to be logged in to the management system, as shown below:
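Because holding the PHPSESSID value is equivalent to holding the user's authorization, the cookie and the ID's lifetime are what need protecting. The following is an added example, not code from the original article: it assumes PHP 7.3+ and an HTTPS site, and `IDLE_LIMIT`, `start_hardened_session()`, `on_login_success()` and `e()` are hypothetical names.

```php
<?php
// Added example: hardening the native PHP session cookie (PHPSESSID).
// Assumes PHP 7.3+ (array form of session_set_cookie_params) and HTTPS.

const IDLE_LIMIT = 1800; // constructed value: seconds of inactivity allowed

function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from document.cookie
        'samesite' => 'Lax',  // not attached to cross-site sub-requests
    ]);
    session_start();

    // Server-side idle timeout: a copied ID stops working once it goes stale.
    $last = $_SESSION['last_seen'] ?? time();
    if (time() - $last > IDLE_LIMIT) {
        session_unset();
        session_destroy();
        session_start();
    }
    $_SESSION['last_seen'] = time();
}

function on_login_success(int $userId): void
{
    // Issue a new ID at the privilege change; `true` deletes the old session
    // data, so an ID captured before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function e(string $value): string
{
    // Escape user-supplied data on output so it cannot run as script.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

start_hardened_session();
echo '<p>Hello, ' . e($_GET['name'] ?? 'guest') . '</p>';
```

The HttpOnly flag keeps the ID out of reach of script, but it does not replace output escaping: injected script can still act inside the logged-in page.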

Cookies can usually be read through JavaScript, so pay attention to escaping, so that injected script is not executed when data is displayed.

Next, take a look at SESSION in CI. The configuration file has several Session-related parameters that affect how the Session is used. They are:

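// Name under which the session is saved in the cookie
$config['sess_cookie_name'] = 'ci_session';
// Session lifetime (seconds)
$config['sess_expiration'] = 7200;
// Whether the session expires when the browser is closed
$config['sess_expire_on_close'] = FALSE;
// Whether the SESSION is stored encrypted in the COOKIE
$config['sess_encrypt_cookie'] = FALSE;
// Whether to store the session in the database
$config['sess_use_database'] = FALSE;
// Database table name, if stored in the database
$config['sess_table_name'] = 'ci_sessions';
// Whether to match the IP address
$config['sess_match_ip'] = FALSE;
// Whether to match the User-Agent
$config['sess_match_useragent'] = TRUE;
// Time between session updates (seconds)
$config['sess_time_to_update'] = 300;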


The SESSION that comes with CI does not store files on the server side; all of the information is stored in the client COOKIE. Calling $this->load->library('session'); starts a session, that is, sets a COOKIE. The content of the COOKIE is as follows:

Array
(
[session_id] => f05138a9513e4928cb0a57672cfe3b53
[ip_address] => 127.0.0.1
[user_agent] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
[last_activity] => 1386569398
[user_data] =>
)


On each request the client sends this information to the server in the HTTP headers, and the server reads the SESSION information from them. Sessions can be implemented this way as well, but the approach has many uncertain factors. Here are a few points based on the source code:

1. If the log file contains the message "The session cookie data did not match what was expected. This could be a possible hacking attempt.", it indicates two things: a. sess_encrypt_cookie is false, so the SESSION is stored unencrypted in the COOKIE; b. verification failed after the COOKIE was read. With encryption, decryption, and parameter processing involved, the match can easily fail. If it fails, the SESSION is cleared.

2. If sess_match_ip is true, when the client IP changes, the SESSION fails verification and is cleared.

3. sess_match_useragent defaults to true. When the client UserAgent changes, verification fails and the SESSION is cleared. A simple example is access through the IE browser: switching to a different IE mode changes the Agent, so verification fails and the SESSION is cleared.

As you can see, when any of the above situations occurs, the SESSION is cleared, and the login fails or the user is redirected to the login page. What if there is no encryption and no verification of IP and UserAgent? The COOKIE is still stored on the client and has to be sent to the server with every HTTP request. Firstly, a large COOKIE slows requests down and is pure wasted bandwidth for resources such as images. Secondly, a COOKIE can hold only 4K of data, and after encryption and processing the usable space is even smaller.
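The three checks in points 1 to 3 can be seen working together in a small cookie-stored session. This is an added illustration, not CodeIgniter's source and not code from the original article: it uses HMAC-SHA256 over JSON in place of the hash CI applies to its cookie, and `KEY`, `pack_session()`, `read_session()` and all sample values are constructed.

```php
<?php
// Added illustration, not CodeIgniter's source: HMAC-SHA256 over JSON stands
// in for CI's own cookie hash. KEY and all sample values are constructed.
const KEY = 'constructed-demo-key';
function pack_session(array $data): string
{
    $body = base64_encode(json_encode($data));
    return $body . '.' . hash_hmac('sha256', $body, KEY);
}

// Returns the session array, or null when the session must be cleared.
function read_session(string $cookie, string $ip, string $ua, array $cfg): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) return null;
    [$body, $mac] = $parts;
    // Point 1: integrity check, compared in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, KEY), $mac)) {
        error_log('The session cookie data did not match what was expected.');
        return null;
    }
    $s = json_decode(base64_decode($body), true);
    if (!is_array($s) || !isset($s['last_activity'], $s['ip_address'], $s['user_agent'])) return null;
    if (time() - $s['last_activity'] > $cfg['sess_expiration']) return null;
    // Points 2 and 3: optional binding to client IP and User-Agent.
    if ($cfg['sess_match_ip'] && $s['ip_address'] !== $ip) return null;
    if ($cfg['sess_match_useragent'] && $s['user_agent'] !== $ua) return null;
    return $s;
}

$cfg = ['sess_expiration' => 7200, 'sess_match_ip' => false, 'sess_match_useragent' => true];
$ua = 'Mozilla/5.0 (constructed sample UA)';
$cookie = pack_session([
    'session_id'    => bin2hex(random_bytes(16)),
    'ip_address'    => '127.0.0.1',
    'user_agent'    => $ua,
    'last_activity' => time(),
    'user_data'     => ['user_id' => 7],
]);
// Edited payload carrying the old signature: fails point 1.
[, $mac] = explode('.', $cookie, 2);
$forged = base64_encode(json_encode(['user_data' => ['user_id' => 1]])) . '.' . $mac;
foreach ([
    'untouched cookie'   => read_session($cookie, '127.0.0.1', $ua, $cfg),
    'edited payload'     => read_session($forged, '127.0.0.1', $ua, $cfg),
    'User-Agent changed' => read_session($cookie, '127.0.0.1', 'IE compatibility mode (constructed)', $cfg),
] as $case => $result) {
    echo $case, ': ', $result === null ? 'session cleared' : 'session accepted', PHP_EOL;
}
```

The signature only detects edits: the payload stays readable by the client, and an unmodified cookie copied together with its User-Agent string still passes every check, which is why the ID-theft risk described earlier applies here too.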

These uncertain factors produce all kinds of strange problems. Rather than getting entangled in them, switch decisively to another method.

I hope this article will be helpful to everyone’s PHP program design based on the CodeIgniter framework.
