我应该何时何地使用 session_start? [英] When and where should I use session_start?
问题描述
我应该在 PHP 中何时何地使用 session_start()
?
Exactly when and where should I use session_start()
in PHP?
例如,假设我有一个登录脚本,它设置了一个会话变量来判断用户是否登录.然后我必须将 session_start()
放在脚本的顶部,还是仅在我实际设置会话变量之前,如果登录成功?
For example, say I have a login script that sets a session variable to tell whether or not the user is logged in. Must I then put the session_start()
at the top of the script, or only right before I actually set the session variable if the login was successful?
<?php
// session_start(); here?
if (login($username, $password)) {
// session_start(); or here?
$_SESSION["username"] = $username;
}
?>
另一种情况是,根据 w3schools
Another case is this, according to w3schools
注意: session_start() 函数必须是文档中的第一件事.在任何 HTML 标签之前.
Note: The session_start() function must be the very first thing in your document. Before any HTML tags.
推荐答案
正如其他人所说,您必须做的事情的绝对要求是:
As others have said, the absolute requirements of what you must do are:
- 您必须在读取或写入
$_SESSION
之前运行session_start
(否则它将只是一个普通数组,不会保存在任何地方). - 在单个脚本执行(页面加载)期间不得两次运行
session_start
,除非您使用session_write_close
将其关闭.
- You must run
session_start
before you read or write to$_SESSION
(otherwise it will just be an ordinary array and not saved anywhere). - You must not run
session_start
twice during a single script execution (page load) unless you usesession_write_close
to close it in between.
有一个额外的规则,技术上有例外,但最好将其视为绝对的:
There is an extra rule that technically has exceptions, but is best treated as absolute:
- 不要在写完任何输出(
echo
、PHP 块之外的 HTML 等)后启动会话,因为如果服务器已经启动,PHP 可能无法将 cookie 发送到浏览器发送内容.
- Do not start the session after you have written any output (
echo
, HTML outside PHP blocks, etc), because PHP may not be able to send cookies to the browser if the server has already started sending the content.
您可能希望避免开始会话的原因有两个:
There are two reasons you might want to avoid starting the session:
- PHP 会在您打开会话时锁定会话,以避免两个进程将冲突的数据写入其中,因此如果您同时发生多个请求,您应该避免它们相互等待,除非它们确实需要等待.例如,如果您正在响应 AJAX 请求,并且不需要会话中的任何数据,请不要打开它.
- 正如 symcbean 所提到的,创建新会话需要一些成本,因此如果您的网站正忙于处理合法或恶意流量,您可能希望在根本不启动的情况下提供一些着陆页或错误消息.莉>
在那之后,它变成了样式和架构的问题,但涵盖上述大部分内容的经验法则是如果您确定页面需要它,请尽快".
After that, it becomes a matter of style and architecture, but the rule of thumb that covers most of the above is "as soon as possible, if you're sure the page needs it".
这篇关于我应该何时何地使用 session_start?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!