Sessions VS Temp. Cookies


Question

I'm just wondering: what's the difference in PHP between setting a cookie without expiration (meaning it expires as the browser closes) and setting a session variable? I'm not talking about login and stuff like that; rather, not needing to fetch less-frequently changing database values on every page visit, etc.

Recommended answer

P.S.: you can protect your cookies even more by using http_only cookies. For PHP you could read http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html. I forgot to do it for the session example, but did use it for the cookie example :(. When you use this, your cookies cannot be read from JavaScript in most browsers (those that support http_only). To use an http_only cookie for your session: ini_set("session.cookie_httponly", 1);


What's the difference in PHP between setting a cookie without expiration (meaning it expires as the browser closes) and setting a session variable

They can keep track of the same information, but with cookies (not using sessions) all information is stored in the user's web browser, where it can be stolen by hackers or even altered to provide false information. For simple things you could use cookies, but then again I think you could also use sessions, because when you use cookies you need to transmit more information over the wire.

The internet (HTTP) standard is a stateless protocol (no memory), which has the advantage that it simplifies server design. The internet uses cookies to make it "remember".

Sessions only use a cookie to store the PHPSESSID. By default the rest of the information is stored on disc, which is a more secure way to keep state (store sensitive information). You could also encrypt your cookie to do this, but I think sessions are a nice way to do this.

You can override this behaviour, and probably should when your website has high traffic, to use something like memcached/redis to just store the session information inside memory (memory is a lot faster than a spinning disc for reading a file, because memory has no moving parts and is very close to the CPU). To do this you need to override session_set_save_handler. It is pretty easy to do with redis. To install redis just type make. Predis is the recommended (popular) redis client library for PHP. To save session information inside redis you could use redis-session-php.

I created a really simple php file to demonstrate sessions.

<?php

session_start();

if (!isset($_SESSION['count'])) {
    $_SESSION['count'] = 0;
}

echo $_SESSION['count']++;



First time with Curl storing cookie

I ran the following on Ubuntu Linux:

alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl http://localhost/stackoverflow/6717214/session.php -v -c cookie
* About to connect() to localhost port 80 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /stackoverflow/6717214/session.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Sat, 16 Jul 2011 12:13:43 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Added cookie PHPSESSID="eauo6se9o34oegs57nuhs5u3b7" for domain localhost, path /, expire 0
< Set-Cookie: PHPSESSID=eauo6se9o34oegs57nuhs5u3b7; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
< 
* Connection #0 to host localhost left intact
* Closing connection #0
0


    • -v: Make the operation more talkative
    • -c: Write cookies to this file after operation
      Next we show output cookie created by our session

      alfred@alfred-laptop:~/www/stackoverflow/6717214$ cat cookie 
      # Netscape HTTP Cookie File
      # http://curl.haxx.se/rfc/cookie_spec.html
      # This file was generated by libcurl! Edit at your own risk.
      
      localhost   FALSE   /   FALSE   0   PHPSESSID   d5jfijp8515pbhnoe43v4rau97
      

      By default PHP uses the file system to store data belonging to a session (PHPSESSID). For me the files are located at /var/lib/php5

      alfred@alfred-laptop:~/www/stackoverflow/6717214$ php -r "echo session_save_path();"
      /var/lib/php5
      

      As you can see it stores that information inside file sess_d5jfijp8515pbhnoe43v4rau97. It is using serialize under the cover to convert object to string.

      alfred@alfred-laptop:/var/lib/php5$ sudo cat sess_d5jfijp8515pbhnoe43v4rau97
      count|i:1;
      

      I need to sudo because by default I cannot read from that location

      alfred@alfred-laptop:/var/lib$ sudo ls -la /var/lib/ | grep php5
      drwx-wx-wt  2 root          root           4096 2011-07-16 14:16 php5
      

      The read bit has not been set for that directory

      alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -v -b cookie http://localhost/stackoverflow/6717214/session.php
      * About to connect() to localhost port 80 (#0)
      *   Trying ::1... Connection refused
      *   Trying 127.0.0.1... connected
      * Connected to localhost (127.0.0.1) port 80 (#0)
      > GET /stackoverflow/6717214/session.php HTTP/1.1
      > User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
      > Host: localhost
      > Accept: */*
      > Cookie: PHPSESSID=d5jfijp8515pbhnoe43v4rau97
      > 
      < HTTP/1.1 200 OK
      < Date: Sat, 16 Jul 2011 12:28:59 GMT
      < Server: Apache/2.2.16 (Ubuntu)
      < X-Powered-By: PHP/5.3.3-1ubuntu9.3
      < Expires: Thu, 19 Nov 1981 08:52:00 GMT
      < Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
      < Pragma: no-cache
      < Vary: Accept-Encoding
      < Content-Length: 1
      < Content-Type: text/html
      < 
      * Connection #0 to host localhost left intact
      * Closing connection #0
      1
      


        • -b: Cookie string or file to read cookies from
          As you can see we can count without storing any of that information inside cookie. We use the same cookie to remember our state. You can also see that the information on disc has changed to reflect this.

          alfred@alfred-laptop:~/www/stackoverflow/6717214$ sudo cat /var/lib/php5/sess_d5jfijp8515pbhnoe43v4rau97
          count|i:2;
          



          Cookies

          When just using cookies, everything is stored on the user's computer.

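          <?php

          $counter = 0;

          // Cookie values arrive as client-controlled strings; cast before doing arithmetic.
          if (isset($_COOKIE['counter'])) {
              $counter = (int) $_COOKIE['counter'] + 1;
          }

          // Session cookie (expires = 0) with the HttpOnly flag set (last argument).
          setcookie("counter", (string) $counter, 0, "", "", false, true);
          echo $counter;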
          



          First time with Curl storing cookie

          alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -c cookie -v http://localhost/stackoverflow/6717214/cookie.php
          * About to connect() to localhost port 80 (#0)
          *   Trying ::1... Connection refused
          *   Trying 127.0.0.1... connected
          * Connected to localhost (127.0.0.1) port 80 (#0)
          > GET /stackoverflow/6717214/cookie.php HTTP/1.1
          > User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
          > Host: localhost
          > Accept: */*
          > 
          < HTTP/1.1 200 OK
          < Date: Sat, 16 Jul 2011 13:22:03 GMT
          < Server: Apache/2.2.16 (Ubuntu)
          < X-Powered-By: PHP/5.3.3-1ubuntu9.3
          * Added cookie counter="0" for domain localhost, path /stackoverflow/6717214/, expire 0
          < Set-Cookie: counter=0; httponly
          < Vary: Accept-Encoding
          < Content-Length: 1
          < Content-Type: text/html
          < 
          * Connection #0 to host localhost left intact
          * Closing connection #0
          0
          


          When we output cookie we get:

          alfred@alfred-laptop:~/www/stackoverflow/6717214$ cat cookie
          # Netscape HTTP Cookie File
          # http://curl.haxx.se/rfc/cookie_spec.html
          # This file was generated by libcurl! Edit at your own risk.
          
          #HttpOnly_localhost FALSE   /stackoverflow/6717214/ FALSE   0   counter   0
          

          alfred@alfred-laptop:~/www/stackoverflow/6717214$ curl -b cookie -c cookie -v http://localhost/stackoverflow/6717214/cookie.php
          * About to connect() to localhost port 80 (#0)
          *   Trying ::1... Connection refused
          *   Trying 127.0.0.1... connected
          * Connected to localhost (127.0.0.1) port 80 (#0)
          > GET /stackoverflow/6717214/cookie.php HTTP/1.1
          > User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
          > Host: localhost
          > Accept: */*
          > Cookie: counter=0
          > 
          < HTTP/1.1 200 OK
          < Date: Sat, 16 Jul 2011 13:32:24 GMT
          < Server: Apache/2.2.16 (Ubuntu)
          < X-Powered-By: PHP/5.3.3-1ubuntu9.3
          * Replaced cookie counter="1" for domain localhost, path /stackoverflow/6717214/, expire 0
          < Set-Cookie: counter=1; httponly
          < Vary: Accept-Encoding
          < Content-Length: 1
          < Content-Type: text/html
          < 
          * Connection #0 to host localhost left intact
          * Closing connection #0
          1
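
The answer notes that a value kept only in a cookie can be altered by the client. The following is an added example, not part of the original answer, showing one way to make the counter cookie tamper-evident with an HMAC so an edited value is rejected. The names sign_cookie_value, verify_cookie_value, next_counter and COUNTER_KEY are assumptions for illustration, and the array form of setcookie requires PHP 7.3 or later.

```php
<?php
// Added example: tamper-evident variant of the counter cookie (PHP 7.3+).
// COUNTER_KEY is a constructed placeholder; keep the real key in server-side config.
const COUNTER_KEY = 'constructed-demo-key-not-for-production';

/** Return "value.mac", where mac = HMAC-SHA256(name|value). */
function sign_cookie_value(string $name, string $value, string $key): string
{
    // The cookie name is part of the MAC input so a signed value cannot be
    // moved to a differently named cookie.
    return $value . '.' . hash_hmac('sha256', $name . '|' . $value, $key);
}

/** Return the value if its MAC verifies, otherwise null. */
function verify_cookie_value(string $name, string $signed, string $key): ?string
{
    $pos = strrpos($signed, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($signed, 0, $pos);
    $expected = hash_hmac('sha256', $name . '|' . $value, $key);
    // hash_equals() compares in constant time.
    return hash_equals($expected, (string) substr($signed, $pos + 1)) ? $value : null;
}

/** Previous count + 1 when the cookie verifies; otherwise start again at 0. */
function next_counter($cookie, string $key): int
{
    $value = is_string($cookie) ? verify_cookie_value('counter', $cookie, $key) : null;
    return ($value !== null && ctype_digit($value)) ? (int) $value + 1 : 0;
}

if (PHP_SAPI === 'cli') {
    // Offline demonstration with constructed cookie values.
    $valid = sign_cookie_value('counter', '41', COUNTER_KEY);
    $forged = '9999' . substr($valid, strpos($valid, '.')); // value edited, old MAC kept
    printf("valid  -> %d\n", next_counter($valid, COUNTER_KEY));
    printf("forged -> %d\n", next_counter($forged, COUNTER_KEY));
} else {
    $counter = next_counter($_COOKIE['counter'] ?? null, COUNTER_KEY);
    setcookie('counter', sign_cookie_value('counter', (string) $counter, COUNTER_KEY), [
        'expires' => 0,        // session cookie, as in cookie.php
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    echo $counter;
}
```

Signing detects an altered value but not the replay of an earlier, validly signed one; keeping the count in $_SESSION, as in session.php, avoids both because the value never leaves the server.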
          
