跨境电商
经验交流分享

PHP的SESSION机制详解

A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.

The session support allows you to register arbitrary numbers of variables to be preserved across requests. When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start() or implicitly through session_register()) whether a specific session id has been sent with the request. If this is the case, the prior saved environment is recreated.

PHP手册中对SESSION做出如上定义.当用户访问你的网站时,会被赋予一个唯一的id,也就是session_id().这个值根据配置,存储在客户端中的cookie里,或者通过URL传递.

SESSION允许注册任意数量的变量,并在客户端请求中保持使用.当session.auto_start配置为1或者通过session_start()手动开启SESSION的时候,用户访问你的网站,PHP就会检测该请求是否已被赋予一个session_id().如果检测到客户端中保存有session_id(),之前赋予此session_id()的环境就会被重建.相关变量会从服务器传递到客户端.

总结: PHP的SESSION机制从根本上关联session_id().就好比数据库中的主键.下边从客户端和服务器端的角度,分别讲下几个SESSION配置文件中经常混淆的地方.

从客户端来说:

当设置ini_set(‘session.cookie_lifetime’,’10’)的时候,即通过session发送到客户端得cookie值只能存活10秒钟.也就是说SESSION机制中赖以生存的session_id()值,在10秒之后会被客户端删除.用户在十秒钟之后再次访问页面的时候,服务器因为检测不到客户端有session_id()值的存在,重新分配新的session_id()给客户端.

从服务器端来说:

虽然PHP有垃圾回收机制,但是从特殊需要,如用户注销登录或者系统性能的角度上考虑,都应该手动去注销SESSION.手动注销SESSION的最好办法就是使用session_destroy()函数,这个函数会完全删除服务器中与当前客户端保存的session_id()关联的一切数据.需要注意的是,session_destroy()并不会删除保存在客户端中的cookie.

PHP对SESSION启用的(Garbage Collection)垃圾回收机制:

这个东西不知道迷倒了多少人.下边三个是关于PHP中SESSION垃圾回收机制配置的文件.具体使用方式就不多说了,网上一搜一大堆.最关键是每一个有用的.

这里说下其中的重点,即使把PHP中垃圾回收机制的配置改成100%,即每次执行session_start()的时候都会开启删除服务器中超过session.gc_maxlifetime中的时间数值的SESSION文件的功能,你的SESSION也不一定就立刻失去作用了!这是个关键,看下面手册中加粗的那一段,session.gc_maxlifetime设置的时间超过之后,当前SESSION只是被认为是垃圾,并且potentially被清除.这就是为啥了.不用多说了.

session.gc_probability integer
session.gc_probability in conjunction with session.gc_divisor is used to manage probability that the gc (garbage collection) routine is started. Defaults to 1. See session.gc_divisor for details.

session.gc_divisor integer
session.gc_divisor coupled with session.gc_probability defines the probability that the gc (garbage collection) process is started on every session initialization. The probability is calculated by using gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that the GC process starts on each request. session.gc_divisor defaults to 100.

session.gc_maxlifetime integer
session.gc_maxlifetime specifies the number of seconds after which data will be seen as ‘garbage‘ and potentially cleaned up. Garbage collection may occur during session start (depending on session.gc_probability and session.gc_divisor).

Note:
If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.

原创不易,转载请说明来自 http://ruiwant.com

赞(0)
未经允许不得转载:锐想 » PHP的SESSION机制详解
分享到: 更多 (0)

评论 抢沙发

评论前必须登录!

 

锐想电商 - 跨境电商经验交流分享

锐想无限