PHP 会话如何工作?(不是“它们是如何使用的?”)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1535697/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do PHP sessions work? (not "how are they used?")
提问by Christoffer
Session files are usually stored in, say, /tmp/on the server, and named sess_{session_id}. I have been looking at the contents and cannot figure out how they really work.
会话文件通常存储在/tmp/服务器上,并命名为sess_{session_id}. 我一直在查看内容,但无法弄清楚它们是如何工作的。
Fetching the variable name and and content from the file is easy. But how does PHP know what session belongs to whom?
从文件中获取变量名和内容很容易。但是 PHP 如何知道哪个会话属于谁呢?
The session_id seems totally random and one IP address can have several users, and each user can have several sessions if they have more than one browser window open.
session_id 似乎完全随机,一个 IP 地址可以有多个用户,如果每个用户打开多个浏览器窗口,则可以有多个会话。
So how does it work?
那么它是怎样工作的?
回答by Pascal MARTIN
In the general situation :
一般情况下:
- the session id is sent to the user when his session is created.
- it is stored in a cookie (called, by default,
PHPSESSID) - that cookie is sent by the browser to the server with each request
- the server (PHP) uses that cookie, containing the session_id, to know which file corresponds to that user.
- 创建会话时,会话 ID 会发送给用户。
- 它存储在 cookie 中(默认情况下称为
PHPSESSID) - 该cookie由浏览器随每个请求发送到服务器
- 服务器 (PHP) 使用包含 session_id 的 cookie 来知道哪个文件对应于该用户。
The data in the sessions files is the content of $_SESSION, serialized (ie, represented as a string -- with a function such as serialize); and is un-serialized when the file is loaded by PHP, to populate the $_SESSIONarray.
会话文件中的数据是$_SESSION, 序列化的内容(即,表示为字符串 - 使用诸如serialize 之类的函数);并在 PHP 加载文件时取消序列化,以填充$_SESSION数组。
Sometimes, the session id is not stored in a cookie, but sent in URLs, too -- but that's quite rare, nowadays.
有时,会话 id 不存储在 cookie 中,而是也发送到 URL 中——但现在这种情况非常罕见。
For more informations, you can take a look at the Session Handlingsection of the manual, that gives some useful informations.
有关更多信息,您可以查看手册的会话处理部分,其中提供了一些有用的信息。
For instance, there is a page about Passing the Session ID, which explains how the session id is passed from page to page, using a cookie, or in URLs -- and which configuration options affect this.
例如,有一个关于Passing the Session ID的页面,它解释了如何使用 cookie 或 URL 在页面之间传递会话 id —— 以及哪些配置选项会影响这一点。
回答by Sohel Rana
How Does PHP Session Works
PHP 会话如何工作
Firstly PHP creates a 16-byte long unique identifier number (stored as a string of 32 hexadecimal characters, e.g
a86b10aeb5cd56434f8691799b1d9360) for an individual session.PHPSESSID cookie passes that unique identification number to users' browser to save that number.
A new file is created on the server with the same name of unique identification number with sess_ prefix (ie
sess_a86b10aeb5cd56434f8691799b1d9360.)The browser sends that cookie to the server with each request.
If PHP gets that unique identification number from PHPSESSID cookie (on each request), then PHP searches in the temporary directory and compares that number to the file name. If both are the same, then it retrieves the existing session, otherwise it creates a new session for that user.
首先,PHP
a86b10aeb5cd56434f8691799b1d9360为单个会话创建一个 16 字节长的唯一标识符号(存储为 32 个十六进制字符的字符串,例如)。PHPSESSID cookie 将该唯一标识号传递给用户的浏览器以保存该号码。
在服务器上创建一个新文件,其名称与唯一标识号相同,带有 sess_ 前缀(即
sess_a86b10aeb5cd56434f8691799b1d9360.)浏览器会在每次请求时将该 cookie 发送到服务器。
如果 PHP 从 PHPSESSID cookie 中获取唯一标识号(在每个请求中),则 PHP 在临时目录中搜索并将该编号与文件名进行比较。如果两者相同,则检索现有会话,否则为该用户创建新会话。
A session gets destroyed when the user closes the browser or leaves the site. The server also terminates the session after the predetermined period of session time expires. These are the simple mechanism steps that PHP is using to handle the session. I hope this article with help you to understand how PHP SESSION is working.
当用户关闭浏览器或离开站点时,会话将被破坏。在预定的会话时间段到期后,服务器也终止会话。这些是 PHP 用来处理会话的简单机制步骤。我希望这篇文章能帮助你理解 PHP SESSION 是如何工作的。
See this article for more details. How Does PHP Session Works
有关更多详细信息,请参阅此文章。PHP 会话如何工作
回答by Julien Lebosquain
The session ID is indeed random, and is passed in a cookie or in the URL, depending on configuration. You might already have seen this PHPSESSID=xxxx in some URLs, there is a cookie by that name too.
会话 ID 确实是随机的,并在 cookie 或 URL 中传递,具体取决于配置。您可能已经在某些 URL 中看到过这个 PHPSESSID=xxxx,也有一个同名的 cookie。
回答by Akbor
Sessions in PHP are started by using the session_start( ) function. Like the setcookie( ) function, the session_start( ) function must come before any HTML, including blank lines, on the page. It will look like this:
<?php session_start( );?><html><head>....... etc
The session_start( ) function generates a random Session Id and stores it in a cookie on the user's computer (this is the only session information that is actually stored on the client side.) The default name for the cookie is PHPSESSID, although this can be changed in the PHP configuration files on the server (most hosting companies will leave it alone, however.) To reference the session Id in you PHP code, you would therefore reference the variable $PHPSESSID (it's a cookie name; remember that from Cookies?)
PHP 中的会话是使用 session_start() 函数启动的。与 setcookie( ) 函数一样, session_start( ) 函数必须出现在页面上的任何 HTML 之前,包括空行。它看起来像这样:
<?php session_start( );?><html><head>....... 等 session_start( ) 函数生成一个随机会话 ID 并将其存储在用户计算机上的 cookie 中(这是实际存储在客户端的唯一会话信息。 ) cookie 的默认名称是 PHPSESSID,尽管这可以在服务器上的 PHP 配置文件中更改(但是,大多数托管公司将不理会它。)要在您的 PHP 代码中引用会话 ID,您将因此引用变量 $PHPSESSID(这是一个 cookie 名称;还记得 Cookies 中的吗?)
