PHP session and cookie to achieve login expiration

  • The difference between cookie and session

1. Cookie data is stored in the client's browser, while session data is stored on the server, so a session is more secure than a cookie.

2. Furthermore, the session information we read is located through the session ID stored in the cookie.

3. Because sessions are stored on the server, a growing amount of session data increases the load on the server. Put important data in the session and less important data in the client cookie.

4. Cookies fall into two categories: session cookies and persistent cookies. A session cookie's life cycle is the same as the browser's: when the browser is closed, the cookie disappears. A persistent cookie is stored on the client's hard disk.

5. A session cookie disappears when the browser is closed, so our session disappears with it. The session is also lost when the server is shut down or when the session expires (20 minutes by default).

  • The relationship between cookie and session:

HTTP is a stateless protocol. A session is built on cookies or URL rewriting; it is process-oriented and is implemented with cookies by default. A session is a mechanism for saving context information. It is kept separately for each user, and its values are stored on the server side. When a user connects to the server, the server generates a unique SessionID, which is used to distinguish different clients and to recognize the client on its next request. The session is a server-side storage space maintained by the application server, and the SessionID is the one piece of data saved on the client, in a cookie. When the user submits a page, the SessionID is sent to the server so that it can access the session data.

  • Examples:

//index.php
<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title>登录</title>
</head>
<body>
	
	<form action="login.php" method="post">
	    <p>帐号:<input type="text" name="name"/></p>
		<p>密码:<input type="password" name="pw"/></p>
		<p><input type="submit" name="login" value="登入"/></p>
	</form> 
</body>
</html>
//login.php
<?php
session_start();

if (isset($_POST["login"])) {
    // Missing fields fall back to an empty string
    $name = $_POST["name"] ?? "";
    $pw = $_POST["pw"] ?? "";
    // Strict comparison against the demo credentials
    if ($name === "admin" && $pw === "123456") {
        $_SESSION["name"] = $name;
        $_SESSION["pw"] = $pw;
        setcookie("Auth", "1", time() + 120); // expires after 2 minutes

        echo '登入成功,<a href="test.php">查看个人信息</a>';
    } else {
        echo '帐号或密码错误!<a href="JavaScript:history.back()">返回登入</a>';
    }
} else {
    echo "please login";
}
?>
//test.php
<?php
session_start();
error_reporting(0);
// Require both the Auth cookie and the server-side session data
if (!isset($_COOKIE["Auth"]) || !isset($_SESSION["name"])) {
    if (!isset($_SESSION["name"])) {
        echo "会话过期";
    }
    echo "<a href='index.php'>重新登录</a>";
} else {
    echo "帐户信息:<br/>";
    echo "用户名:" . $_SESSION["name"] . "<br/>";
    echo "密码:" . $_SESSION["pw"] . "<br/>";
    echo '<a href="logout.php?action=logout">注销</a>';
}
?>

//logout.php
<?php
if (isset($_GET['action']) && $_GET['action'] == "logout") {
    header('Refresh:3; url="index.php"');
    session_start();
    setcookie("Auth", "", time() - 3600); // delete the Auth cookie set in login.php
    session_unset();
    session_destroy();
    echo "三秒后返回登入页面";
}
?>
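
The 2-minute limit above depends on the browser dropping the Auth cookie, and the browser is under the client's control. As an added example (not code from the original post), the sketch below keeps the expiry on the server by storing timestamps in the session; the function names, the ABSOLUTE_LIMIT value and the sample timeline are assumptions.

```php
<?php
// Added example: server-side login expiration (not from the original post).
// IDLE_LIMIT mirrors the post's 2-minute window; ABSOLUTE_LIMIT is an assumed value.
const IDLE_LIMIT = 120;       // seconds without a request before logout
const ABSOLUTE_LIMIT = 3600;  // assumed hard cap on one login, in seconds

// Record the login on the server; the browser never sees these values.
function mark_login(array &$session, string $name, int $now): void
{
    $session = ['name' => $name, 'login_at' => $now, 'seen_at' => $now];
}

// Return true and refresh the idle timer if the login is still valid;
// otherwise wipe the session data and return false.
function check_login(array &$session, int $now): bool
{
    $live = isset($session['name'], $session['login_at'], $session['seen_at'])
        && $now - $session['seen_at'] <= IDLE_LIMIT
        && $now - $session['login_at'] <= ABSOLUTE_LIMIT;
    if ($live) {
        $session['seen_at'] = $now;
    } else {
        $session = [];
    }
    return $live;
}

// Constructed timeline: a plain array stands in for $_SESSION so this runs from the CLI.
$s = [];
$t0 = 1700000000;
mark_login($s, 'admin', $t0);
var_dump(check_login($s, $t0 + 60));   // request inside the idle window
var_dump(check_login($s, $t0 + 170));  // 110 s after the previous request
var_dump(check_login($s, $t0 + 300));  // 130 s idle: data is wiped
var_dump(check_login($s, $t0 + 310));  // later request, whatever cookie is sent
```

In the post's pages, login.php would call session_regenerate_id(true) and mark_login($_SESSION, $name, time()) after a successful password check, and test.php would show account data only when check_login($_SESSION, time()) returns true.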

Origin blog.csdn.net/weixin_49298265/article/details/111877453