2018/04/21 Summary of Session and Cookie knowledge in PHP

In my recent work and study, I found that my basic knowledge was not solid, so I went back to study it. Indeed, there were many things I had not noticed or mastered before.

Focus on these issues

--

What are cookies?

Simply put:

  HTTP is stateless, so in order to keep state across requests we need to store some data on the client side, which the browser then sends back to the server. That data is the cookie.

How does PHP set cookies?

Take a look at the official PHP definition of the function that sets a cookie:

bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false ]]]]]] )

The meaning of the parameters of setcookie():

  $name   As the name suggests, sets the name of the cookie.

  $value  sets the value of this cookie.

  $expire   sets the expiration time of the cookie. If it is not set or empty, the cookie is destroyed when the browser is closed.

        Note that this is the actual end time, so it must be computed as the current time plus the lifetime, in seconds.

        E.g:

          setcookie('name', 'hong.li', time() + 7*24*3600); // Expires one week after the current time.

  $path    The server path for which the cookie is valid. The default is the current directory at the time the cookie is set.

         When set to  '/' , the cookie is valid for the entire  domain .

       If set to  '/foo/' , the cookie is only valid for the  /foo/  directory of  domain  and its subdirectories (e.g.  /foo/bar/ ).

  $domain   sets the domain (or subdomain) for which the cookie is valid, which is how a cookie is shared across subdomains.

  $secure     whether the cookie is only transmitted over HTTPS; the default is false.

  $httponly   whether the cookie is only accessible through the HTTP protocol. When true, JS cannot directly read or manipulate the cookie, which effectively limits cookie theft through XSS attacks. It can also be set in php.ini.

--

Besides setcookie, is there any other way to set cookies?

Of course there is. First, another PHP function that sets cookies:

bool setrawcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )

The only difference between it and setcookie is that setcookie urlencodes the value, which setrawcookie does not.

 

The second way is to send an HTTP header directly and specify Set-Cookie. The browser treats it exactly as a cookie being set.

header('Set-cookie: username=hong.li'); 

Check whether your browser now has this cookie.

--

How to delete the cookies we have set?

Delete it manually in the browser, haha~

Or, from PHP, set the cookie again with an expiration time in the past, and the cookie will be deleted.

 

--

We already have cookies for storing information, so what do we use SESSION for?

We all know that cookies live on the client side. They are easy to tamper with, so data held by the client cannot be relied on to determine the user's identity.

I digress...

In short, cookie information alone is far from enough. SESSION stores state on the server side.

--

What is the principle of SESSION?

After the session is started, the following happens when the browser accesses the page:

  1: The server checks whether a SESSION already exists.

  2: If not, it generates a random PHPSESSID and automatically sends it as a cookie, which disappears when the browser is closed.

  3: If there is one, it reads the corresponding SESSION information.

--

How to use SESSION?

In PHP we first need to initialize SESSION.

session_start();

Then we can add our values to the global variable $_SESSION

$_SESSION['username'] = 'hong.li';

Then we can get the corresponding value.

It should be noted that although the default cookie stores the SESSION_ID, this cookie disappears when the browser is closed, which we obviously do not want. So here we use setcookie to set our information.

setcookie('username','hong.li',time()+3600);
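
As an alternative to a separate username cookie, the session cookie itself can be given a lifetime, with the $secure and $httponly flags described above. This is an added example, not code from the original post; it assumes PHP 7.3+, a site served over HTTPS, and hypothetical helper names start_persistent_session(), login() and logout().

```php
<?php
// Added example, not from the original post. Assumes PHP 7.3+ and HTTPS.
const SESSION_LIFETIME = 3600; // seconds; assumed, matches the post's time()+3600

function start_persistent_session(): void
{
    // Server-side session data must live at least as long as the cookie.
    ini_set('session.gc_maxlifetime', (string) SESSION_LIFETIME);
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => SESSION_LIFETIME, // 0 would mean "until the browser closes"
        'path'     => '/',
        'secure'   => true,  // only sent over HTTPS
        'httponly' => true,  // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $username): void
{
    session_regenerate_id(true); // fresh ID after authentication
    $_SESSION['username'] = $username; // stays on the server, not in the cookie
}

function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Delete the cookie by setting an expiry time in the past.
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

start_persistent_session();
if (!isset($_SESSION['username'])) {
    login('hong.li'); // constructed sample user; verify credentials first in real code
}
echo 'Hello, ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
```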
