我对 PHP 会话的理解是否正确? [英] Is my understanding of PHP sessions correct?
问题描述
我一直对会话的内部工作方式很感兴趣,但我对 C 知之甚少(并且不确定在 PHP 源代码中的何处查找).
I've been interested in how sessions work internally, but I have little knowledge of C (and am unsure where to look in the PHP source for this).
这就是我目前对会话的理解:
This is what I understand of sessions at the moment:
- 当您开始会话时,用户会获得一个会话 ID,该 ID 存储在 cookie 中.
- 保存会话数据时(通过
$_SESSION),它会存储在文件系统中,并带有相关的会话 ID 和到期时间.
- When you start a session the user gets assigned a session id which is stored in a cookie.
- When session data is saved (via
$_SESSION) it is stored on the filesystem, with the relevant session id and an expiry time.
这是正确的吗?另外创建会话ID的方法是什么?我假设它是基于时间的,但是如果两个用户同时发送请求呢?内部有哪些方法可以防止它们获得相同的 ID?
Is this correct? Also what is the method in which session id are created? I assume it's based on time but what if two users send a request at the same time? What methods are in place internally to prevent them getting the same id?
谢谢,
推荐答案
我对内部会话处理流程的理解如下:
My understanding is of the internal session handling process is the following:
当 session_start 被调用时,PHP 正在从客户端寻找一个参数是通过 POST、GET 或 cookie 发送的(取决于配置;请参阅 session.use_cookies, session.use_only_cookies 和 session.use_trans_sid) 与 session.name 使用已启动会话的会话 ID.
When session_start is called, PHP is looking for a parameter from the client that was sent via POST, GET, or in a cookie (depending on the configuration; see session.use_cookies, session.use_only_cookies, and session.use_trans_sid) with the name of the value of session.name to use the session ID of an already started session.
如果找到有效的会话 ID,它会尝试从存储中检索会话数据(请参阅 session.save_handler) 将数据加载到 $_SESSION.如果找不到 ID 或禁止使用,PHP 会使用哈希函数生成新 ID(请参阅 session.hash_function)生成随机数据的源数据(参见 session.entropy_file).
If it finds a valid session ID, it tries to retrieve the session data from the storage (see session.save_handler) to load the data into $_SESSION. If it can’t find an ID or its usage is forbidden, PHP generates a new ID using a hash function (see session.hash_function) on data of a source that generates random data (see session.entropy_file).
在运行时结束或当 session_write_close 被调用时,会话数据$_SESSION 中的内容被存储到指定的存储中.
At the end of the runtime or when session_write_close is called, the session data in $_SESSION is stored away into the designated storage.
这篇关于我对 PHP 会话的理解是否正确?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
