I don’t understand how the session life cycle is calculated and how it carries state information. I hope you can give me some advice.
In fact, session is not a concept unique to PHP. All web applications involve sessions. It is actually a mechanism to save state information. Many people don’t think about what state information is, or why there is such a mechanism in the web. In fact, this is closely related to the characteristics of the web. The web does not have a long connection. After each request completes, it is disconnected from the server. In this way, each request is a new request for the server, so it has no continuity, and without continuity there is no state. But for us, statelessness is obviously unacceptable. I can’t ask users to enter user name and password on every page. What we need is state: no matter how many requests are sent, I can keep the state I should have. So we have to solve two problems:
- How to save state
- How to get state
So the session mechanism came into being. The interaction between browser and server can be understood as:
- The browser said to the server, “Hi, honey, I’m here (making a request), but every day there are countless people who look like me coming to you. I don’t want to share the memory (state) that belongs only to us with others.”
- The server said to the browser, “It doesn’t matter. I’ve locked all my memories in this box (session storage, file, memcached or whatever). I’ll give you the session key (set cookie).”
- The browser said, “OK, I put it in the cookie. I’m gone, bye-bye.”
- The next day (the second request), the browser came to the server again: “Hey, I’m here again. Use the key in my purse to open your memory box.”
- The server said, “It’s open! It’s really you, the one who misses me.”
In theory, if malware can steal your session key, it can also steal the username and password you are typing. And it’s more dangerous to steal the latter, because the user name and password may be used on multiple websites. Therefore, using an anonymous session key to save the login status is a way to limit the damage even if something is lost.
There are two factors that affect the life cycle of a PHP session: one is whether the session information on the server side is still alive; the other is whether the PHPSESSID in the cookie on the browser side is still alive.
The session information on the server side is created when the session is started. It is usually placed in a file. When PHP starts GC, it will be recycled.
The PHPSESSID recorded in the cookie on the client side holds a hash value that points to a session on the server side. When the cookie expires, the hash value disappears, and the session fails.
You can see a series of configurations of session, which can also affect the life cycle of session.
PHP passes the session ID between requests and stores the session data in a file or database on the server side, or in memory for better performance. There are only three ways:
1. Pass the session ID through the cookies header in the HTTP request
2. Pass the session ID through the HTTP get request, that is, put the session ID in the URL parameter
3. Pass the session ID through the HTTP post request, that is, pass the session ID in the post data
I wrote an article on the nature of PHP session in my blog with http-http://www.360weboy.com/php/session-c…. If you are interested, you can read it carefully. If you find anything wrong, you can point it out in the comments, and I will check it and correct it. I hope more like-minded friends can share their technical ideas.
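The two lifetimes and the three ways of passing the ID described in the answers above, as an added PHP example that is not part of the original thread. It sets the server-side and browser-side lifetimes explicitly, accepts the ID from the cookie only, and enforces the idle limit itself because GC is not guaranteed to run on time. The 1800-second limit, the `last_seen` key and the function names are assumptions; PHP 7.3 or later is assumed.

```php
<?php
// Added example; the 1800 s limit, 'last_seen' key and function names are assumptions.
const IDLE_LIMIT = 1800;

const SESSION_OPTIONS = [
    // Server side: data idle longer than this becomes eligible for GC.
    'gc_maxlifetime'   => IDLE_LIMIT,
    // Browser side: 0 means the PHPSESSID cookie dies with the browser.
    'cookie_lifetime'  => 0,
    // Take the ID from the Cookie header only, never from GET or POST data.
    'use_only_cookies' => 1,
    'use_trans_sid'    => 0,
    // Refuse IDs that do not match a session the server created.
    'use_strict_mode'  => 1,
    'cookie_httponly'  => 1,
    'cookie_secure'    => 1, // assumption: the site is served over HTTPS
    'cookie_samesite'  => 'Lax',
];

function start_bounded_session(): void
{
    session_start(SESSION_OPTIONS);
    // GC runs only on a fraction of requests, so a stale record can outlive
    // gc_maxlifetime. Enforce the idle limit in the application too.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true); // delete the old record, issue a new ID
    }
    $_SESSION['last_seen'] = $now;
}

function end_session(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the browser's copy of the ID ...
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    // ... and delete the server-side record.
    session_destroy();
}
```

Call `start_bounded_session()` before any output is sent, and `end_session()` on logout so that both the cookie and the server-side record are gone.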