[PHP Instance] Detailed introduction to modifying the lifetime of SESSION

Watson Blog
Watson Blog
Watson Blog
one thousand four hundred and twenty-one
article
nine
comment
December 5, 2017 13:07:38 PHP technology comment one hundred and thirty-eight Reading mode

[PHP Example] Modify the detailed introduction of SESSION's life time. This problem is often encountered in interviews. Since the blogger has been frequently interviewed for a job recently, this problem will be sorted out and recorded.

To modify the lifetime of the SESSION, let's manually set the lifetime of the session:

  1. <? php  
  2. session_start();    
  3. //Save for one day   
  4. $lifeTime  = 24 * 3600;    
  5. setcookie(session_name(), session_id(), time() +  $lifeTime "/" );    
  6. ?>   

In fact, Session also provides a function session_set_cookie_params(); To set the lifetime of the session. This function must be in the session_start() Call before function call:

  1. <? php   
  2. //Save for one day   
  3. $lifeTime  = 24 * 3600;    
  4. session_set_cookie_params( $lifeTime );    
  5. session_start();   
  6. $_SESSION [ "admin" ] = true;    
  7. ?>   

If the client uses IE 6.0, session_set_cookie_params(); There are some problems with the function to set cookies, so we still call the setcookie function manually to create cookies.
 

Session expiration time setting in php

Many people on the Internet have given the answer: modify the session.gc_maxlifetime If you want to know more about the session recycling mechanism, continue reading.

Overview: Every php request has a probability of 1/100 (the default value) to trigger "session recycling". If "session recycling" occurs, the/tmp/sess_ * file will be checked. If the last modification time has exceeded 1440 seconds (the value of gc_maxlifetime), it will be deleted, which means that these sessions are expired.
 

1. How does a session exist on the server side (usually Apache with PHP module)?

By default, php will save the session in the/tmp directory. The file name is like this: sess_01aab840166fd1dc253e3b4a3f0b8381. Each file corresponds to a session.

more /tmp/sess_01aab840166fd1dc253e3b4a3f0b8381

username|s:9:”jiangfeng”;admin|s:1:”0″;

#Variable name | Type: Length: Value

Deleting the session file here means that the corresponding session is invalid.

 

2. How does a session exist on the client side (usually the browser)?

The session is on the browser side. You only need to save the session ID (the unique ID generated by the server side). There are two ways to save: in cookies and in urls. If the session ID is saved in the cookie, you can see that there is a PHPSESID variable in the browser's cookie. If it is passed by URL, you can see the shape as follows:
Index. php? PHPSESID=01aab840166fd1dc253e3b4a3f0b8381. (On the server side, use session.use_cookies to control which method to use)

 

3. On the server side, how does PHP determine whether the session file is expired?

If the "last modification time" to "now" exceeds the gc_maxlifetime (1440 by default) seconds, the session file is considered to be expired. If the file has not been changed in the next session recycling, the session file will be deleted (the session will be expired).

To put it simply, if I log on to a website and have not operated within 1440 seconds (the default value), the corresponding session is considered expired.

Therefore, modifying the gc_maxlifetime variable in the php.ini file can extend the expiration time of the session: (For example, we modified the expiration time to 86400 seconds)

  1. session.gc_maxlifetime = 86400  

Then, restart your web service (usually Apache).

Note: In PHP 5, the session expiration uses the recycling mechanism. The time set here is 86400 seconds. If the session has not been modified in 86400 seconds, it will be deleted in the next "recycle".

 

4. When does session "recycling" occur?

By default, every php request has a 1/100 probability of recycling, so it may be simply understood as "every 100 php requests have a recycling occurrence". This probability is controlled by the following parameters

  1. #The probability is gc_probability/gc_divisor
  2. session.gc_probability = 1  
  3. session.gc_divisor = 100  

Note 1: If gc_maxlifetime=120 in this case, if the last modification time of a session file is 120 seconds ago, the session is still valid until the next recycle (1/100 probability) occurs.

Note 2: If your session uses session.save_path to save the session elsewhere, the session recycling mechanism may not automatically process expired session files. At this time, you need to manually (or crontab) delete expired sessions: cd/path/to/sessions; find -cmin +24 | xargs rm
 

5. Some special cases

Because the recycling mechanism checks the "last modification time" of the file, if a session is active, but the session content has not changed, the corresponding session file has not changed. The recycling mechanism will consider this as a session that has not been active for a long time and delete it. This is something we don't want to see. We can solve this problem by adding the following simple code:

  1. <? php  
  2. if (!isset( $_SESSION ['last_access'])||(time()- $_SESSION ['last_access'])>60)  
  3.   $_SESSION ['last_access'] = time();   
  4. ?>   

The code will try to modify the session every 60 seconds.
 

Conclusion: If you want to modify the session expiration time, you can modify the variable gc_maxlifetime. The session of PHP 5 uses a passive garbage collection mechanism. Expired session files will not disappear by themselves, but will be processed by triggering "recycle".

Organized from: http://www.cnblogs.com/xp796/p/5236820.html

Watson Blog
  • This article is written by Published on December 5, 2017 13:07:38
  • This article is collected and sorted by the website of Mutual Benefit, and the email address for problem feedback is: wosnnet@foxmail.com , please keep the link of this article for reprinting: https://wosn.net/894.html

Comment