The sessions on PHP works with a Cookie type session, while on server-side the session information is constantly deleted.

PHP 上的会话使用 Cookie 类型的会话，而在服务器端，会话信息会不断被删除。

For set the time life in php, you can use the function session_set_cookie_params, before the session_start:

要在 php 中设置时间寿命，您可以在session_start之前使用函数session_set_cookie_params ：

session_set_cookie_params(3600,"/");
session_start();

For ex, 3600 seconds is one hour, for 2 hours 3600*2 = 7200.

例如，3600 秒是一小时，2 小时是 3600*2 = 7200。

But it is session cookie, the browser can expire it by itself, if you want to save large time sessions (like remember login), you need to save the data in the server and a standard cookie in the client side.

但它是会话cookie，浏览器可以自行过期，如果你想保存大时间的会话（比如记住登录），你需要在服务器端保存数据，在客户端保存一个标准的cookie。

You can have a Table "Sessions":

你可以有一个表“会话”：

• session_id int
• session_hash varchar(20)
• session_data text

• session_id 整数
• session_hash varchar(20)
• session_data 文本

And validating a Cookie, you save the "session id" and the "hash" (for security) on client side, and you can save the session's data on the server side, ex:

并验证 Cookie，您在客户端保存“会话 ID”和“哈希”（为了安全），您可以在服务器端保存会话数据，例如：

On login:

登录时：

setcookie('sessid', $sessionid, 604800);      // One week or seven days
setcookie('sesshash', $sessionhash, 604800);  // One week or seven days
// And save the session data:
saveSessionData($sessionid, $sessionhash, serialize($_SESSION)); // saveSessionData is your function

If the user return:

如果用户返回：

if (isset($_COOKIE['sessid'])) {
    if (valide_session($_COOKIE['sessid'], $_COOKIE['sesshash'])) {
        $_SESSION = unserialize(get_session_data($_COOKIE['sessid']));
    } else {
        // Dont validate the hash, possible session falsification
    }
}

Obviously, save all session/cookies calls, before sending data.

显然，在发送数据之前保存所有会话/cookie 调用。

Set following php parameters to same value in seconds:

在几秒钟内将以下 php 参数设置为相同的值：

session.cookie_lifetime
session.gc_maxlifetime

in php.ini, .htaccess or for example with

在 php.ini、.htaccess 或例如

ini_set('session.cookie_lifetime', 86400);
ini_set('session.gc_maxlifetime', 86400);

for a day.

一天。

Links:

链接：

http://www.php.net/manual/en/session.configuration.php

http://www.php.net/manual/en/session.configuration.php

http://www.php.net/manual/en/function.ini-set.php

http://www.php.net/manual/en/function.ini-set.php

Prior to PHP 7, the session_start() function did not directly accept any configuration options. Now you can do it this way

在 PHP 7 之前， session_start() 函数不直接接受任何配置选项。现在你可以这样做

<?php
// This sends a persistent cookie that lasts a day.
session_start([
    'cookie_lifetime' => 86400,
]);
?>

Reference: https://php.net/manual/en/function.session-start.php#example-5976

参考：https: //php.net/manual/en/function.session-start.php#example-5976

Sessions can be configured in your php.ini file or in your .htaccess file. Have a look at the PHP session documentation.

会话可以在 php.ini 文件或 .htaccess 文件中配置。查看PHP 会话文档。

What you basically want to do is look for the line session.cookie_lifetimein php.ini and make it's value is 0 so that the session cookie is valid until the browser is closed. If you can't edit that file, you could add php_value session.cookie_lifetime 0to your .htaccess file.

您基本上想要做的是session.cookie_lifetime在 php.ini 中查找该行并使其值为 0，以便会话 cookie 在浏览器关闭之前一直有效。如果您无法编辑该文件，您可以添加php_value session.cookie_lifetime 0到您的 .htaccess 文件中。

Since most sessions are stored in a COOKIE (as per the above comments and solutions) it is important to make sure the COOKIE is flagged as a SECURE one (front C#):

由于大多数会话都存储在 COOKIE 中（根据上面的评论和解决方案），因此确保将 COOKIE 标记为 SECURE 非常重要（前端 C#）：

myHttpOnlyCookie.HttpOnly = true;

and/or vie php.ini (default TRUE since php 5.3):

和/或 vie php.ini（自 php 5.3 起默认为 TRUE）：

session.cookie_httponly = True

As long as the User does not delete their cookies or close their browser, the session should stay in existence.

只要用户不删除他们的 cookie 或关闭他们的浏览器，会话就应该保持存在。