Generally , a user is tracked through a unique Session ID passed between various pages , and the Session variable saved by the user in the server is extracted through the Session ID . There are two common Session ID transmission methods.
The first method is to pass the Session ID based on cookies. This method is more optimized, but cannot be used frequently because users can block cookies on the client side.
The second method is to pass the URL parameter and directly embed the session ID into the URL.
In the implementation of Session, the Cookie-based method is usually adopted, and the Session ID saved by the client is a Cookie. When the client disables cookies, the session ID cannot be saved in the cookie, and it cannot be passed between pages. At this time, the session is invalid. However, on the Linux platform, the cookie status can be automatically checked, and if the client disables it, the system automatically appends the Session ID to the URL for transmission. With Windows systems, this feature is not available.
1. Pass Session ID through Cookie
If the client does not prohibit cookies, the server will automatically send an HTTP header to save the Session ID to the client's computer's cookie after initialization via the session_start() function in the PHP script. A setup similar to the following:
The process of setting the Session ID to the cookie virtually
|
1
|
setcookie(session_name(), session_id(), 0,
'/'
)
|
The first parameter calls the session_name() function, which returns the name of the current Session as the identification name of the cookie. You can change the name of the current Session by providing parameters when calling the session_name() function.
The second parameter calls the session_id() function, which returns the current Session ID as the value of the cookie. You can also set the current Session ID by providing parameters when calling the session_id() function.
The third parameter value is 0, by the value set by the session.cookie_lifetime option in the php.ini file. The default is 0, which means the Session ID will persist in the client's cookie until the browser is closed.
The fourth parameter " / ", which is also the value specified through the PHP configuration file, is set by the session.cookie_path option in php.ini. The default is " / ", which means that the path to be set in the cookie is valid in the entire domain.
2. Pass the Session ID through the URL
If the client browser supports cookies, save the Session ID as a cookie in the browser. But if the user prohibits the use of cookies, there is no session ID as a cookie in the browser, so the client request does not contain cookie information. If the session_start() function is called and the session ID as a cookie cannot be obtained from the client browser, a new session ID is created and the user state cannot be tracked. Therefore, every time a user requests a PHP script that supports Session, the session_start() function will create a new Session when the Session is started, thus losing the ability to track the user's state.
Another mechanism for tracking Session is provided in PHP. If the client browser does not support cookies, PHP can rewrite the client request URL to put
The Session ID is added to the URL. You can manually add a Session ID to the URL of each hyperlink. This method requires a lot of work and is generally not recommended. The code for its example is as follows:
|
1
2
3
4
5
6
|
<?php
//开启 session
session_start();
// 在 URL 后面附加参数,变量名为session_name()获取的名称,值为session_id()获取
echo
'<a href="test.php?'
.session_name().
'='
.session_id().
'">演示</a>'
;
?>
|