看看session的发明人是怎么说的
PHP4 adds some session management functions that make our life easier when dealing with sessions. The ones we are interested in are:
--------------------------------------------------------------------------------session_start();
session_register();
--------------------------------------------------------------------------------session_start() is used to start up PHP4's session management capabilities; you need to call it before you use any of the other session functions. session_register() is used to tell PHP which variables to track in the session. A typical call to these functions would look like this: session_register("SESSION"); This tells PHP to start up the session manager, and tells PHP that the variable called SESSION is a session variable. You can register as many session variables as you like, but I prefer to only register one session variable called SESSION, and anything I need persistent I put into this variable. For example, I like to say: --------------------------------------------------------------------------------session_register("SESSION");
$SESSION["var1"] = 5;
$SESSION["var2"] = 6;
--------------------------------------------------------------------------------instead of
--------------------------------------------------------------------------------session_register("var1");
session_register("var2");
$var1 = 5;
$var2 = 6;
--------------------------------------------------------------------------------
because after you register lots of session variables, you tend to forget what they were, well, at least I do :).
Anyhow, by now you probably want to see some code in action, so create a script called session_test.php somewhere accessible, and put into it: --------------------------------------------------------------------------------<?
session_start();
session_register("SESSION");if (! isset($SESSION)) {
$SESSION["count"] = 0;
echo "<li>Counter initialized, please reload this page to see it increment";
} else {
echo "<li>Waking up session $PHPSESSID";
$SESSION["count"]++;
}
echo "<li>The counter is now $SESSION[count] ";
?>
--------------------------------------------------------------------------------Fire that up in your browser, the first time you hit the page, it should say " Counter initialized, please reload this page to see it increment". Each time you reload it, the counter value should increment by one. You will also see the session ID. If it does, then hurray, your PHP4 session manager works :) So how does this work? Well, when you call session_start(), PHP4 determines a unique session ID for the client. This session ID is an MD5 hash of something (not sure what), and it is stored as a cookie on the client's PC. Now each time that client makes a request, PHP4 will read this session ID and load up the data for the session. When you call session_register(), you are telling PHP4 which variables you want kept in the session. Each page that loads up, the previous values for the registered variables will be reloaded, and each time the page ends PHP4 will save the values of the registered variables. By default, PHP keeps track of the sessions in temporary files in the /tmp directory, take a listings and see for yourself: You will see something like this: ---------------------------------------------------------------------------------rw------- 1 apache web 10 May 7 15:27 sess_6dd9ea8e61cd49cd3ad6de8c8b8885e8
-rw------- 1 apache web 10 May 7 19:49 sess_7d7f97afb6759948f554b00272494e52
-rw------- 1 apache web 6 May 9 01:00 sess_8ab78830e151add9d79b628958ce4eb9
-rw------- 1 apache web 31 May 9 11:41 sess_a3058a6bb1baf57f565c3844c8810f4b
-rw------- 1 apache web 30 May 9 11:42 sess_c379faad83ad3dc8ab6d22c14dbab3b4
-rw------- 1 apache web 6 May 8 01:00 sess_cd68a5054241aff1a8157c289683e869
-rw------- 1 apache web 34 May 7 15:17 sess_cd97e41912b28c44cc0481b7d978cb61
-rw------- 1 apache web 42 May 9 11:23 sess_d1285edd0c951c70b1aec17a5f602fc0
-rw------- 1 apache web 30 May 9 11:42 sess_da93f6e19b6be01257d7a6453766a23d
-rw------- 1 apache web 42 May 7 21:26 sess_e837123c1af78c538e89b47030fde337
--------------------------------------------------------------------------------Each one of those files is a session, let's take a look at one of them (note, you probably have to su to root to peek inside a session file). Tip: don't just cut and paste the following commands, you need to specify the name of a real file: --------------------------------------------------------------------------------# more /tmp/sess_a3058a6bb1baf57f565c3844c8810f4b
--------------------------------------------------------------------------------You will see something like this: --------------------------------------------------------------------------------SESSION|a:1:{s:5:"count";i:234;}
--------------------------------------------------------------------------------Does that look familiar? It should if you've ever used the serialize() and unserialize() functions in PHP. If not, don't worry about it. Anyhow, I just wanted to illustrate how sessions were stored. You can rewrite the PHP session handlers to store sessions into a database or whatever else, but that's beyond the scope of this tutorial (but it's not hard at all). 另外,这里有一些php的不错的东西
http://unix.cdnet.edu.cn/LinuxDoc/LDP/HOWTO/PHP-HOWTO.html浅妄薄见,望与斟酌
PHP4 adds some session management functions that make our life easier when dealing with sessions. The ones we are interested in are:
--------------------------------------------------------------------------------session_start();
session_register();
--------------------------------------------------------------------------------session_start() is used to start up PHP4's session management capabilities; you need to call it before you use any of the other session functions. session_register() is used to tell PHP which variables to track in the session. A typical call to these functions would look like this: session_register("SESSION"); This tells PHP to start up the session manager, and tells PHP that the variable called SESSION is a session variable. You can register as many session variables as you like, but I prefer to only register one session variable called SESSION, and anything I need persistent I put into this variable. For example, I like to say: --------------------------------------------------------------------------------session_register("SESSION");
$SESSION["var1"] = 5;
$SESSION["var2"] = 6;
--------------------------------------------------------------------------------instead of
--------------------------------------------------------------------------------session_register("var1");
session_register("var2");
$var1 = 5;
$var2 = 6;
--------------------------------------------------------------------------------
because after you register lots of session variables, you tend to forget what they were, well, at least I do :).
Anyhow, by now you probably want to see some code in action, so create a script called session_test.php somewhere accessible, and put into it: --------------------------------------------------------------------------------<?
session_start();
session_register("SESSION");if (! isset($SESSION)) {
$SESSION["count"] = 0;
echo "<li>Counter initialized, please reload this page to see it increment";
} else {
echo "<li>Waking up session $PHPSESSID";
$SESSION["count"]++;
}
echo "<li>The counter is now $SESSION[count] ";
?>
--------------------------------------------------------------------------------Fire that up in your browser, the first time you hit the page, it should say " Counter initialized, please reload this page to see it increment". Each time you reload it, the counter value should increment by one. You will also see the session ID. If it does, then hurray, your PHP4 session manager works :) So how does this work? Well, when you call session_start(), PHP4 determines a unique session ID for the client. This session ID is an MD5 hash of something (not sure what), and it is stored as a cookie on the client's PC. Now each time that client makes a request, PHP4 will read this session ID and load up the data for the session. When you call session_register(), you are telling PHP4 which variables you want kept in the session. Each page that loads up, the previous values for the registered variables will be reloaded, and each time the page ends PHP4 will save the values of the registered variables. By default, PHP keeps track of the sessions in temporary files in the /tmp directory, take a listings and see for yourself: You will see something like this: ---------------------------------------------------------------------------------rw------- 1 apache web 10 May 7 15:27 sess_6dd9ea8e61cd49cd3ad6de8c8b8885e8
-rw------- 1 apache web 10 May 7 19:49 sess_7d7f97afb6759948f554b00272494e52
-rw------- 1 apache web 6 May 9 01:00 sess_8ab78830e151add9d79b628958ce4eb9
-rw------- 1 apache web 31 May 9 11:41 sess_a3058a6bb1baf57f565c3844c8810f4b
-rw------- 1 apache web 30 May 9 11:42 sess_c379faad83ad3dc8ab6d22c14dbab3b4
-rw------- 1 apache web 6 May 8 01:00 sess_cd68a5054241aff1a8157c289683e869
-rw------- 1 apache web 34 May 7 15:17 sess_cd97e41912b28c44cc0481b7d978cb61
-rw------- 1 apache web 42 May 9 11:23 sess_d1285edd0c951c70b1aec17a5f602fc0
-rw------- 1 apache web 30 May 9 11:42 sess_da93f6e19b6be01257d7a6453766a23d
-rw------- 1 apache web 42 May 7 21:26 sess_e837123c1af78c538e89b47030fde337
--------------------------------------------------------------------------------Each one of those files is a session, let's take a look at one of them (note, you probably have to su to root to peek inside a session file). Tip: don't just cut and paste the following commands, you need to specify the name of a real file: --------------------------------------------------------------------------------# more /tmp/sess_a3058a6bb1baf57f565c3844c8810f4b
--------------------------------------------------------------------------------You will see something like this: --------------------------------------------------------------------------------SESSION|a:1:{s:5:"count";i:234;}
--------------------------------------------------------------------------------Does that look familiar? It should if you've ever used the serialize() and unserialize() functions in PHP. If not, don't worry about it. Anyhow, I just wanted to illustrate how sessions were stored. You can rewrite the PHP session handlers to store sessions into a database or whatever else, but that's beyond the scope of this tutorial (but it's not hard at all). 另外,这里有一些php的不错的东西
http://unix.cdnet.edu.cn/LinuxDoc/LDP/HOWTO/PHP-HOWTO.html浅妄薄见,望与斟酌
session的作用:session在用户访问时产生(当然,程序里使用session的情况下),它在服务器端通过web服务器,创建该用户专用的session空间,用来存储与该用户个人相关的信息。如登陆信息等。这种状态仅与该用户相关,与别的任何用户,甚至说,与该用户的别的浏览器都没有关系,这是安全上的实现。当用户进程的破弃发生时,该session执行两种任务,1是马上破弃,清除用户信息等。2是保留状态,一般是第二种情况,服务器一般设定一个session过期时间,如1分钟或半小时。之后,session破弃。在我们使用浏览器进行浏览时,通常会[碰到这样的情况,打开浏览器以后,有一段时间没有去进行任何工作,这时候,服务器端session破弃,启动清除session存储区,此时在进行任何工作,均会得到session过期的提示消息,可是参照hotmailsession可以用于全局控制,如安全信息的控制。及时进行用户验证等工作。
再一个,如需要实现购物小车,在线购物之类功能的程序的时候,session将会起到很大的作用。可以将需要的信息,及时地存储在session区,动态的进行访问等。
在开发一些较大规模的网站的时候,session就显得很有必要。有什么不明白的地方,可以再联系。
1.是http这种无状态的协议的补充,可以保存一定的信息,用来实现与用户的交互.这个信息保存与服务器中.每个用户不相同.
2.有一定的时间限制,与用户上网的情况相吻合.一般从登录开始到一定的时间.
3.cookie保存在客户端,在安全不及session.
利用SESSION可以存储跨网页的全局变量
Session对象
Session对象用于存储和接受有关某一特殊用户进程的信息。
集合
Session.Contents(Key)
所有在Session水平定义的,没有使用<OBJECT>的数据和对象的集合。Key是Session条目的名称。
Session.StaticObjects(Key)
所有使用<OBJECT>在Session水平定义的数据和对象的集合。Key是返回的属性。
方法
Session.Abadon
用于取消一个用户Session。破坏包含在用户Session中所有的数据和对象。
属性
Session.CodePage
指明当显示动态内容时,所使用的服务器代码页。
Session.LCTD
指明当显示动态内容时,所使用的局部标识。
Session.SessionID
一个用户session的唯一标识。
Session.TimeOut
在一个空闲session自动结束之前所等待的时间,该属性的缺省值为20分钟。
关于cookie :
在互联网上从来没有一种技术象cookie这么有争议,它是服务器在客户端保存的一些和用户有关的一些信息,以次来跟踪用户在互联网上的行为
session默认的变量就是cookie---全局变量--在php4以后实现了跨窗口的传递。当用户的浏览器禁止session时,session就用querystring来传递变量---就是平常看到的url中?后面的东西浅妄薄见,望与斟酌