duancu4731 2009-11-08 12:23
浏览 50
已采纳

PHP - 默认会话处理与自定义会话处理

I have never tried a custom session handler so far in PHP, and with me thinking of picking up a framework (either CodeIgniter or Kohana), I see that there is an option to use a pre-built custom session handler. What are the pros and cons of going to a system in which session data is stored in the DB? In what ways does a custom session handler improves security and maintainability?

One pro which I can think of if you are on a shared webhost, and the webhost's temp folder is full, an attempt to open a session may fail. However, if the webhost's MySQL goes away, it's as equally futile.

Would appreciate any advice or guidelines. Thanks!

  • 写回答

1条回答 默认 最新

  • drz5553 2009-11-08 12:41
    关注

    If you dig a little deeper into PHP’s default session handling, you will probably discover some things that are inaccurate in some way. Just like the session lifetime that actually is quite important but can be inaccurate in some cases (see How long will my session last? and How do I expire a PHP session after 30 minutes?).

    So it might be necessary to implement your own session handler that does fixes this inaccuracy.

    Other reasons can be security and performance. PHP’s default session handler uses files that could be accessed by others, be it intentionally or unintentionally. Using a protected database can make your data more secure and its caching abilities could speed things up. You could also use chaches like memcached to increase the access times even more.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 下图接收小电路,谁知道原理
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探