PHP session control cookie and Session processing_PHP tutorial

In PHP, cookies and sessions are usually used for registration, login and recording user information, but there are big differences between cookies and sessions. Let’s take a look at them together.

Session Introduction: HTTP (Hypertext Transfer Protocol) defines the transmission of text, graphics, video and all over the World Wide Web (WWW)
All other data rules. HTTP is a stateless protocol, which means that the processing of each request is related to the previous or following
The request is irrelevant. Although this simplified implementation has made an outstanding contribution to the popularity of HTTP, it is not suitable for those who want to create complex
For web application developers, this is a bit confusing. In order to solve this problem, there is a method on the client
A small amount of information (cookies) is stored on the machine.
Due to cookie size limitations, quantity and other reasons, developers have proposed another solution: session will
Word processing.
one. Cookie
Applications
Set cookies: The setcookie() function can generate a cookie file on the client, and this file can be saved to
Period time, name, value, etc.
Create cookie

The code is as follows	Copy code
代码如下	复制代码
setcookie(‘name’,'Lee’,time()+(7*24*60*60));//设置一个过期时间为7天的cookie ?>

setcookie('name','Lee',time()+(7*24*60*60));//Set a cookie with an expiration time of 7 days

?>

Parameter 1: cookie name

Parameter 2: cookie value

Parameter 3: cookie expiration time

View cookies

Open Firefox: Tools-Page Information-Security-View Cookies, you can view the current cookie information

代码如下	复制代码
echo $_COOKIE['name']; ?>

Read cookie

The code is as follows	Copy code
echo $_COOKIE['name'];  代码如下 复制代码 setcookie(‘name’,”); setcookie(‘name’,'Lee’,time()-1); ?> ?>

Delete cookies

The code is as follows	Copy code
setcookie(‘name’,”); setcookie(‘name’,’Lee’,time()-1); ?>

Restrictions on the use of cookies
1. Must be set before the content of the HTML file is output; 2. Different browsers handle cookies inconsistently, and sometimes incorrect results may occur.
3. The restriction is on the client side. The maximum number of cookies that a browser can create is 30, and each cookie cannot be
More than 4KB, the total number of cookies that can be set by each WEB site cannot exceed 20.

代码如下	复制代码
session_start(); $_SESSION['name'] = ‘Lee’; echo $_SESSION['name']; ?>

2. Session

代码如下	复制代码
session_start(); $_SESSION['name'] = ‘Lee’; if (isset($_SESSION['name'])) { echo $_SESSION['name']; } ?>

Session processing When using session session processing, you must start the session and use session_start() to start the session. Create session and read session

The code is as follows	Copy code
session_start(); $_SESSION['name'] = 'Lee'; echo $_SESSION['name']; ?>

Determine whether the session exists

The code is as follows	Copy code
session_start(); $_SESSION['name'] = 'Lee'; if (isset($_SESSION['name'])) { echo $_SESSION['name']; } ?>

Delete session

代码如下	复制代码
session_start(); $_SESSION['name'] = ‘Lee’; unset($_SESSION['name']); echo $_SESSION['name']; ?>

Destroy all sessions

代码如下	复制代码
session_start(); $_SESSION['name'] = ‘Lee’; $_SESSION['name2'] = ‘Lee’; session_destroy(); echo $_SESSION['name']; echo $_SESSION['name2']; ?>

The difference and relationship between cookie and session
•Storage location:
1. The session is stored on the server location, and session-related configurations can be configured through php.ini
2. Cookies are stored on the client (actually they can be divided into two types:
1. Persistent cookie, the time when the cookie is set, is stored on the hard disk in the form of a file,

2. Session cookie, no cookie time is set, and the life cycle of the cookie is to disappear before closing the browser. Generally, it will not be saved on the hard disk, but on the memory)

The relationship between cookie and session

Cookie sent via http header:

Cookie name=PHP%BB%B4%B1%B1; PHPSESSID=cpt2ah3pi4cu7lo69nfbfllbo7

PHPSESSID is an important parameter associated with the server session

Look at the session file again: sess_cpt2ah3pi4cu7lo69nfbfllbo7

The generation format of session_id is: sess_ plus a string of PHPSESSID values

We can understand it this way:

When the program needs to create a session for a client's request, the server first checks whether the client's request already contains a session identifier (called session id). If it does, it means that this client has been used before. Once a session is created, the server will retrieve the session and use it according to the session id (if it cannot be retrieved, it will create a new one). If the client request does not include the session id, a session will be created for the client and a session will be generated associated with this session. The session id, the value of the session id should be a string that is neither repeated nor easy to find patterns to counterfeit. This session id will be returned to the client in this response for storage. The method of saving this session ID can use cookies, so that during the interaction process, the browser can automatically send this identification to the server according to the rules. Generally, the name of this cookie is similar to SEEESIONID

Configuration related to session and cookie in php.ini

1,session.use_cookie = 1
Whether to use the Cookie method to pass the session id value. The default is 1, which means enabled.
2,session.name = PHPSESSID
Whether the cookie passes sessioin_id or the GET method passes session_id, the key value needs to be used. Their formats are Cookie: sess_name=session_id; and /path.php?sess_name=session_id, where sess_name is specified here.
3,session.use_only_cookies = 0
Indicates that only the session id is passed using the Cookie method. We have said that in addition to cookies, there is also the GET method for passing cookies. The GET method is an unsafe method. When cookies are disabled on the user side, the GET method will be used to pass the session_id. You can use this setting to pass the session_id using the GET method.
4. session.cookie_lifetime = 0, session.cookie_path = / and session.cookie_domain =
If you use the Cookie method to pass session_id, the cookie valid domain, directory and time are specified here. Corresponding to the formal parameters $expire, $path and $domain of the setcookie() function respectively. Among them, cookie_lifetime=0 means that the cookie will not be deleted until the browser is closed. These values ​​can also be modified using the session_set_cookie_params() function.
5,session_name([string $name])
Get or update session_name. If name is passed, it means that the default name PHPSESSID (specified by session.name) is not used, otherwise the current session_name is obtained. Note: If session_name is set, it must be called before session_start() to take effect.
6,session_id([string $id])
Similar to session_name(), but it is a method to read or set session_id. Similarly, if session_id is set, it must be called before session_start() to be effective.
7, session_set_cookie_params() and session_get_cookie_params()
The three php.ini settings of session.cookie_lifetime, session.cookie_path and session.cookie_domain can be reset through session_set_cookie_params(). Session_get_cookie_params() obtains the values ​​of these settings.

Here I made a table to summarize their differences and similarities: