Session Handling

简介
安装／配置
预定义常量
范例
Session 上传进度
会话和安全
- 会话管理基础
- 和会话安全相关的配置项
Session 函数
- session_abort — Discard session array changes and finish session
- session_cache_expire — 返回当前缓存的到期时间
- session_cache_limiter — 读取/设置缓存限制器
- session_commit — session_write_close 的别名
- session_create_id — Create new session id
- session_decode — 解码会话数据
- session_destroy — 销毁一个会话中的全部数据
- session_encode — 将当前会话数据编码为一个字符串
- session_gc — Perform session data garbage collection
- session_get_cookie_params — 获取会话 cookie 参数
- session_id — 获取/设置当前会话 ID
- session_module_name — 获取/设置会话模块名称
- session_name — 读取/设置会话名称
- session_regenerate_id — 使用新生成的会话 ID 更新现有会话 ID
- session_register_shutdown — 关闭会话
- session_reset — Re-initialize session array with original values
- session_save_path — 读取/设置当前会话的保存路径
- session_set_cookie_params — 设置会话 cookie 参数
- session_set_save_handler — 设置用户自定义会话存储函数
- session_start — 启动新会话或者重用现有会话
- session_status — 返回当前会话状态
- session_unset — 释放所有的会话变量
- session_write_close — Write session data and end session
SessionHandler — The SessionHandler class
- SessionHandler::close — Close the session
- SessionHandler::create_sid — Return a new session ID
- SessionHandler::destroy — Destroy a session
- SessionHandler::gc — Cleanup old sessions
- SessionHandler::open — Initialize session
- SessionHandler::read — Read session data
- SessionHandler::write — Write session data
SessionHandlerInterface — The SessionHandlerInterface class
- SessionHandlerInterface::close — Close the session
- SessionHandlerInterface::destroy — Destroy a session
- SessionHandlerInterface::gc — Cleanup old sessions
- SessionHandlerInterface::open — Initialize session
- SessionHandlerInterface::read — Read session data
- SessionHandlerInterface::write — Write session data

User Contributed Notes

bouvrette dot nicolas at gmail dot com 23-Nov-2014 09:43


Be careful if you are updating to PHP 5.6 since the the Sessions's Write behavior changed.  It now only writes the session if you changed the data. So this means that if you rely on your session to update an activity time stamp on the server (to control session expiry) you will end up having issues. Here is a quick fix if you are implementing SessionHandlerInterface:



    public function close() {

        $this->write($this->id, serialize($_SESSION));

        return true;

    }



Make sure you also use this:



        ini_set('session.serialize_handler', 'php_serialize'); // Force standard PHP functions handler for flexibility



More details here:



Request #17860 (Session write short circuit)

https://bugs.php.net/bug.php?id=17860

e dot mortoray at ecircle dot com 17-Apr-2009 05:02


There is a nuance we found with session timing out although the user is still active in the session.  The problem has to do with never modifying the session variable.





The GC will clear the session data files based on their last modification time.  Thus if you never modify the session, you simply read from it, then the GC will eventually clean up.





To prevent this you need to ensure that your session is modified within the GC delete time.  You can accomplish this like below.





<?php


if( !isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60 )


  $_SESSION['last_access'] = time();


?>





This will update the session every 60s to ensure that the modification date is altered.