我对PHP会话的理解正确吗? [英] Is my understanding of PHP sessions correct?
问题描述
我一直对会话在内部的工作方式很感兴趣,但是我对C的知识很少(并且不确定在PHP源代码中的位置).
I've been interested in how sessions work internally, but I have little knowledge of C (and am unsure where to look in the PHP source for this).
这是我目前对会话的了解:
This is what I understand of sessions at the moment:
- 启动会话时,会为用户分配一个存储在cookie中的会话ID.
- 保存会话数据(通过
$_SESSION
)时,会将其与相关的会话ID和到期时间一起存储在文件系统中.
- When you start a session the user gets assigned a session id which is stored in a cookie.
- When session data is saved (via
$_SESSION
) it is stored on the filesystem, with the relevant session id and an expiry time.
这是正确的吗?另外,创建会话ID的方法是什么?我认为这是基于时间的,但是如果两个用户同时发送请求该怎么办?内部有哪些方法可以防止它们获得相同的ID?
Is this correct? Also what is the method in which session id are created? I assume it's based on time but what if two users send a request at the same time? What methods are in place internally to prevent them getting the same id?
谢谢
推荐答案
我对内部会话处理过程的了解如下:
My understanding is of the internal session handling process is the following:
当调用 session_start
时,PHP会从客户端中查找通过POST发送的参数, GET或Cookie(取决于配置;请参见 session.use_cookies , session.use_only_cookies 和 session.name 以使用已启动会话的会话ID.
When session_start
is called, PHP is looking for a parameter from the client that was sent via POST, GET, or in a cookie (depending on the configuration; see session.use_cookies, session.use_only_cookies, and session.use_trans_sid) with the name of the value of session.name to use the session ID of an already started session.
如果找到有效的会话ID,它将尝试从存储中检索会话数据(请参阅 session.hash_function ),该数据会生成随机数据(请参见
If it finds a valid session ID, it tries to retrieve the session data from the storage (see session.save_handler) to load the data into $_SESSION
. If it can’t find an ID or its usage is forbidden, PHP generates a new ID using a hash function (see session.hash_function) on data of a source that generates random data (see session.entropy_file).
在运行时结束时或调用 session_write_close
时,$_SESSION
中的会话数据为存放到指定的存储器中.
At the end of the runtime or when session_write_close
is called, the session data in $_SESSION
is stored away into the designated storage.
这篇关于我对PHP会话的理解正确吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!