duancu4731 2009-11-08 12:23
浏览 50
已采纳

PHP - 默认会话处理与自定义会话处理

I have never tried a custom session handler so far in PHP, and with me thinking of picking up a framework (either CodeIgniter or Kohana), I see that there is an option to use a pre-built custom session handler. What are the pros and cons of going to a system in which session data is stored in the DB? In what ways does a custom session handler improves security and maintainability?

One pro which I can think of if you are on a shared webhost, and the webhost's temp folder is full, an attempt to open a session may fail. However, if the webhost's MySQL goes away, it's as equally futile.

Would appreciate any advice or guidelines. Thanks!

  • 写回答

1条回答 默认 最新

  • drz5553 2009-11-08 12:41
    关注

    If you dig a little deeper into PHP’s default session handling, you will probably discover some things that are inaccurate in some way. Just like the session lifetime that actually is quite important but can be inaccurate in some cases (see How long will my session last? and How do I expire a PHP session after 30 minutes?).

    So it might be necessary to implement your own session handler that does fixes this inaccuracy.

    Other reasons can be security and performance. PHP’s default session handler uses files that could be accessed by others, be it intentionally or unintentionally. Using a protected database can make your data more secure and its caching abilities could speed things up. You could also use chaches like memcached to increase the access times even more.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 请看一下,学校实验要求,我需要具体代码
  • ¥50 pc微信3.6.0.18不能登陆 有偿解决问题
  • ¥20 MATLAB绘制两隐函数曲面的交线
  • ¥15 求TYPCE母转母转接头24PIN线路板图
  • ¥100 国外网络搭建,有偿交流
  • ¥15 高价求中通快递查询接口
  • ¥15 解决一个加好友限制问题 或者有好的方案
  • ¥15 急matlab编程仿真二阶震荡系统
  • ¥20 TEC-9的数据通路实验
  • ¥15 ue5 .3之前好好的现在只要是激活关卡就会崩溃