Understanding sessions

As usual: I am a novice on the road, and advice from experts is welcome.

1. The concept of the session

What is a session? What is a cookie? These are old questions, and anyone who has done related development basically knows the answers. If you are not very familiar with them, a Google search will show that these two things are actually not difficult to understand. I won't go into it here.

2. Relationship between cookies and session

Let me explain my understanding:

Cookie and session schemes belong to the client and the server respectively, but the session implementation of the server is dependent on the cookie of the client. The steps are as follows:

  • The server starts the session mechanism
  • It generates a corresponding, unique session_ID (by parsing the session_ID, the server can find the file in which the session is saved and extract the session information from it)
  • The server sends the session_ID to the client
  • The client receives the session_ID and stores it in a cookie container
  • The client passes this session_ID to the server on each request
  • The server looks up the session itself

Note: Session stores information in various ways: caches, databases, files, etc. But the default is to save as a file…

Question:

  1. Can sessions still be used after cookies are disabled?
  2. Is it true that an app cannot use sessions?

To explore the above questions, let's look at when a session is created and destroyed.

3. When to create and destroy a session

  1. Session creation is accompanied by the creation of a cookie whose MaxAge is -1, which means that it exists only in memory. Even when cookies are disabled on the browser side, the cookie is still created.
  2. When a browser submits a request with a jsessionID parameter or cookie header, the container does not create a new session, but simply finds the previous session and associates the request with it. There are two cases:

    1) Use jsessionID. If this value can be matched with an existing session, no new session is created. Otherwise, a new session is still created.

    2) Use cookies. If the value can be matched with an existing session, no new session is created. However, if there is no session corresponding to it (as after restarting the server above), the container will restore the corresponding session based on the cookie information, just as if there had been one before.

  3. When is the session destroyed? When we close the browser, open it again, and connect to the server, the server will assign a new session, which means a new session will be started. Is the original session destroyed? I did a little experiment:

Create a session:



<?php
// Start session initialization
session_start();
// Register the session variable and assign the value
$_SESSION["username"] = "hello";
// Output the generated session_id
echo session_id();

Access the page to create a session, note the session_ID it prints, and close the browser.

Then restore the session from that session_id:



<?php
// The session_id output by the page above
$session_id = "qpk6onnn3husvotnke030ftcm4";
// Set the ID before session_start() so that the existing session is loaded
session_id($session_id);
session_start();
echo $_SESSION["username"];

The result is “hello”

It can be seen that:

When the browser closes, the original session is not destroyed (the destroy method is not executed); it is destroyed only when its timeout expires. Closing the browser only clears the cookies related to the original session from the client's memory. When you open the browser again and connect, it cannot send the cookie, so the server treats the request as a new session. Therefore, if there are resources associated with a session that should be cleaned up when the browser closes (temporary files, etc.), you should send a specific request to the server rather than wait for the session to be cleaned up automatically.
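The "specific request" described above, as an added PHP example (not code from the original post): an explicit logout request and an idle timeout that destroy the session on the server, so that a session_id kept from an earlier visit, like the one in the experiment, no longer loads any data. IDLE_LIMIT, the last_seen key and the action=logout POST field are assumed names, and HTTPS is assumed because the cookie is marked secure.

```php
<?php
// Added example, not from the original post. IDLE_LIMIT, 'last_seen' and the
// 'action' POST field are hypothetical names chosen for illustration.
declare(strict_types=1);

const IDLE_LIMIT = 900; // seconds of inactivity allowed (assumed value)

ini_set('session.use_strict_mode', '1');  // do not adopt an unknown ID sent by the client
ini_set('session.use_only_cookies', '1'); // never read the ID from the URL
session_set_cookie_params([
    'lifetime' => 0,      // in-memory cookie that ends with the browser (section 3)
    'path'     => '/',
    'secure'   => true,   // assumes the site is served over HTTPS
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

/** Delete the server-side session and tell the browser to drop its cookie. */
function end_session(): void
{
    $_SESSION = [];                        // clear the data held in this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,       // a past date makes the browser delete it
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();                     // remove the stored session file/record
}

$now  = time();
$idle = isset($_SESSION['last_seen'])
     && $now - $_SESSION['last_seen'] > IDLE_LIMIT;

if ($idle || ($_POST['action'] ?? '') === 'logout') {
    // Clean up resources tied to the session here (temporary files, etc.).
    end_session();
    echo 'session ended';
    exit;
}

$_SESSION['last_seen'] = $now;             // refresh the idle timer
echo 'session active: ' . session_id();
```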

4. Back to the questions

In fact, my understanding is very simple (corrections are welcome).

Session_id = session_id = session_id

Cookies are a means of saving a unique identifier (the session_id).

When cookies are disabled or not supported, the same thing can be implemented by other means. The server only needs the session_id, and with it you can still find the session. It is just that the session mechanism originally does this automatically through the cookie internally; if you don't use cookies, you have to implement that logic yourself. It's a bit of a stretch, but pork that has gone bad is still pork... It depends on how you look at it.