donglan9517 2013-08-09 17:49
Views: 8

PHP sessions in depth

I have a few questions about PHP sessions. Hope to get the answers soon.

  1. If I only use sessions without creating any cookies, does the session automatically create cookies in the client browser?

  2. How do I know the session ID? Is it created by the developer, or is each session that is created referenced by an ID?

  3. If I destroy a session, do I also have to delete the cookies before destroying it, for which I never wrote code in my site? (I need only a one-time login, maybe once a year, like an election, so I don't need to store user information on the client.)

  4. If my code is $_SESSION['user']='xxx', when 'yyy' logs in, does $_SESSION['user'] get replaced by 'yyy', as the session data is stored on the server?

  5. How do I know how many simultaneous users my site can handle? Does this have anything to do with how I manage the sessions, or with server traffic?

  6. I read somewhere that sessions can also be hijacked, and hence it was suggested to store sessions in a database instead of /tmp on the server. How do I store sessions in a database? Is there any specific process, or do we have to proceed in the classical way, writing a query to insert when the session is created and deleting it when the session is destroyed?

Thanks in advance.


2 answers

  • douna1895 2013-08-09 17:55
    1. PHP defaults to using cookies. If a session cookie doesn't exist when you call session_start(), one will be created for you (assuming various conditions are met, like no output having been performed before the session_start() call).

    2. session_id()

    3. Destroying a session means wiping the data stored in the session on the server. You have to manually remove the session cookie on the client side (by expiring it).
    4. Sessions are tied to a particular user by their ID. Two different users will have two different IDs, meaning their $_SESSION will be unique for EACH user. If you assign the same value to a session variable for all users, all users will have that same value, but a unique COPY of that value.
    5. There is no answer for this. Far too many variables involved: server memory/cpu speed, network bandwidth, disk bandwidth, code efficiency, blah blah blah.
    6. Sessions can be hijacked. Sessions in databases aren't necessary unless you're doing a multi-server PHP install or sharing a server with other people. Session files can be made unique per-site, so using file-based sessions is not necessarily a security problem.

    If you're doing your own session handlers, then YOU are responsible for the creation/updating/deletion of the session data.

