dongyu3659 2017-02-22 09:59
浏览 39
已采纳

PHP会话 - 几个问题

I am using PHP sessions to store tracking data across my pages for my site. The session is started with session_start();

By the way - this is not a login script. I am tracking the first page the user entered on, the date/time and a few other variables.

I store the information in a database, and finally redirect the user to a page using:

header("Location: ".$URLHERE);
exit();

A few questions about using sessions:

  1. As I am not explicity closing the session after the redirect, does PHP delete session variables from disk - or do I have to handle this myself?

(I am concerned about datafiles building up on my Apache server)

  1. Are there any security issues with PHP sessions? This isn't a login, but my scripts do rely on session variables to track information about that unqiue visit.

Thanks :)

  • 写回答

3条回答 默认 最新

  • doupeng5320 2017-02-22 10:12
    关注

    1. No, the session garbage collection is managed by the system, based on the session.gc_maxlifetime property of php.ini. As your PHP script is run on a per-request basis, calling session_destroy() would involve the lost of data you got about the user at the end of each request.

    2. No security problem with php sessions, only risk is the cookie being stolen by an attacker, but you can avoid that requiring https.

    Note that you can also do this without the session, but using the cookie API.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码
  • ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效
  • ¥15 悬赏!微信开发者工具报错,求帮改