PHP会话 - 几个问题

I am using PHP sessions to store tracking data across my pages for my site. The session is started with session_start();

By the way - this is not a login script. I am tracking the first page the user entered on, the date/time and a few other variables.

I store the information in a database, and finally redirect the user to a page using:

header("Location: ".$URLHERE);
exit();

A few questions about using sessions:

As I am not explicity closing the session after the redirect, does PHP delete session variables from disk - or do I have to handle this myself?

(I am concerned about datafiles building up on my Apache server)

Are there any security issues with PHP sessions? This isn't a login, but my scripts do rely on session variables to track information about that unqiue visit.

Thanks :)

写回答
好问题 0 提建议
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doupeng5320 2017-02-22 02:12
关注
No, the session garbage collection is managed by the system, based on the session.gc_maxlifetime property of php.ini. As your PHP script is run on a per-request basis, calling session_destroy() would involve the lost of data you got about the user at the end of each request.

No security problem with php sessions, only risk is the cookie being stolen by an attacker, but you can avoid that requiring https.

Note that you can also do this without the session, but using the cookie API.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报
编辑

预览
轻敲空格完成输入
显示为

卡片

标题

链接
评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(2条)

编辑

预览

报告相同问题？

关注问题

实现PHP会话令牌时出现问题 html php
2018-08-29 07:41

回答 1 已采纳 There's a few problems with your code: token.php needs to output the token. Which is as simple as
PHP - 管理会话 - 不注销 php
2014-06-24 20:55

回答 4 已采纳 Instead of calling unset() on each session var, you can simply use session_destroy(), which will d
PHP会话问题 - 检查登录 php
2014-02-24 11:32

回答 2 已采纳 You need to put session_start() at the top-side of your PHP file, outside of the checkLogin() func
auth-with-session-variables-with-PHP
2021-03-06 08:43

为了解决这个问题，开发者使用了会话技术，它通过在客户端（通常是浏览器）存储一个唯一的会话ID，并在服务器端保存与之关联的数据，从而保持用户的登录状态。在PHP中，启动会话通常通过调用`session_start()`函数...
PHP会话安全 - 金丝雀会话 php
2016-04-21 01:38

回答 1 已采纳 The way PHP handles sessions, is to generate a unique session id for each user, and store it in a
PHP会话不更新变量 php
2018-08-17 01:28

回答 2 已采纳 session_start() must be the second thing on your page after <?php. HTML tags must be placed aft
PHP会话变量没有给出价值 php
2018-12-29 21:35

回答 1 已采纳 There must be a sesssion_start(); at the beginning of EVERY php webpage that you are using session
nginx-会话保持-3
2023-03-21 06:59

奇漠的博客 nginx会话保持 nginx会话保持主要有以下几种实现方式。 ip_hash ip_hash使用源地址哈希算法，将同一客户端的请求总是发往同一个后端服务器，除非该服务器不可用。 ip_hash语法： upstream web { ip_hash; server ...
php - 跨curl请求维护会话 php
2017-11-16 04:44

回答 1 已采纳 I'm struggling to imagine how this runs at all. However these session variables do not reflect
用于登录的PHP会话 - 无法识别 html php
2013-10-09 13:41

回答 1 已采纳 I think the line $_SESSION['login'] == 1; is wrong, you need only one equal character to add value
在php中重置会话变量 php
2017-07-19 01:23

回答 1 已采纳 Change the new value to SESSION ON your order.php page like below:- <?php require 'connection.
mvp模式 php,Hyper-V - 增强会话模式
2021-04-29 03:17

weixin_39908106的博客 Hyper-V —— 增强会话模式Windows 8.1/Server 2012 R2 中的 Hyper-V 提供了一个新的功能，即：增强会话模式(Enhanced Session Mode)，这个功能使得 Hyper-V 虚拟机连接器能够基于 RDP 方式进行管理，或者说是 RDP ...
php企业微信会话内容存档,企业微信会话内容存档开发期间遇到的一些坑
2021-04-11 05:20

weixin_39855706的博客作者：Hogan链接：http://www.588zj.com/article/qywxDev声明：请尊重原作者的劳动，如需转载请注明出处前阵子,接手的项目需要实现企业微信会话内容存档(下称企微存档),开发期间,踩得坑一个又一个,悲惨至极~为了避免...
php常见的45个漏洞及解决方案
2024-03-06 02:14

极致人生-010的博客 php常见45个漏洞及解决方案
NGINX & PHP Cookie 会话中 PHPSESSID 缺少 HTTPOnly、Secure 属性解决方案
2023-06-25 15:40

sunsineq的博客 NGINX & PHP Cookie 会话中 PHPSESSID 缺少 HTTPOnly、Secure 属性解决方案 1 / 说明基于安全的考虑，需要给cookie加上Secure和HttpOnly属性，HttpOnly比较好理解，设置HttpOnly=true的cookie不能被js获取到，无法...
没有解决我的问题, 去提问

PHP会话 - 几个问题

3条回答 默认 最新

3条回答默认最新