PHP session never expired solution ideas and implementation methods to share
- 2020-05-05 11:00:18
- OfStack
We developed a system that only the company's customer service staff could use -- a limited number of customer service staff. It is this limited a few customer service staff a few days ago suddenly put forward such a problem: we every very short period of time (half an hour does not operate the page), is in a hurry to solve customer problems, the system prompts the need to log in, delay the customer's time... This sucks!
The customer is god, the only god. Therefore, we are required to realize that session in PHP will never expire, unless our customer service staff artificially let it expire. For security reasons, I do not understand this kind of behavior that never expires; I really don't want to change the old program for lazy reasons. But there is no way, I still need to change.
The best way is not to modify the program, because if you modify the program, the test department must be very upset like me, then can only change the system environment configuration, in fact, it is very simple, open the php.ini Settings file, modify three lines as follows:
1, session. use_cookies
Set this value to 1 and pass sessionid
with cookie 2, session. cookie_lifetime
This represents the time SessionID has stored in Cookie on the client. The default is 0. That's why PHP session can't be used forever! So let's set it to what we think is a big number, 999999999 how about that? That works! That's all.
3, session. gc_maxlifetime
This is the amount of time Session data has been stored on the server. If the time is exceeded, Session data will be deleted automatically! So let's also set it to 99999999.
That's all for ok, of course, if you don't believe me, just test it out -- set an session value and come back in 10 days and a half. If your computer doesn't go down or go down, you can still see sessionid.
May also, of course, you do not have permission to control server doesn't like me lucky can modify php. ini Settings, all also have the means to rely on our own, of course, you must use to the client storage cookie, it get the storage to the client cookie sessionID there, set the value of the cookie, then put the value passed to the session_id () function, this practice is as follows:
If after a long time (how long? See for yourself) when you come back and refresh the page, the output is 1 more than it was when you left. If it is much bigger, it is estimated that who moved your computer, this test is not sure, ha ha... Go out again for a while!
Note: the 'PHPSESSID' in the setcookie line is not a given. If you encounter a webmaster with a modifier's disease, he may have modified it. The best way is to use the function phpinfo() to check the value of session.name.
The customer is god, the only god. Therefore, we are required to realize that session in PHP will never expire, unless our customer service staff artificially let it expire. For security reasons, I do not understand this kind of behavior that never expires; I really don't want to change the old program for lazy reasons. But there is no way, I still need to change.
The best way is not to modify the program, because if you modify the program, the test department must be very upset like me, then can only change the system environment configuration, in fact, it is very simple, open the php.ini Settings file, modify three lines as follows:
1, session. use_cookies
Set this value to 1 and pass sessionid
with cookie 2, session. cookie_lifetime
This represents the time SessionID has stored in Cookie on the client. The default is 0. That's why PHP session can't be used forever! So let's set it to what we think is a big number, 999999999 how about that? That works! That's all.
3, session. gc_maxlifetime
This is the amount of time Session data has been stored on the server. If the time is exceeded, Session data will be deleted automatically! So let's also set it to 99999999.
That's all for ok, of course, if you don't believe me, just test it out -- set an session value and come back in 10 days and a half. If your computer doesn't go down or go down, you can still see sessionid.
May also, of course, you do not have permission to control server doesn't like me lucky can modify php. ini Settings, all also have the means to rely on our own, of course, you must use to the client storage cookie, it get the storage to the client cookie sessionID there, set the value of the cookie, then put the value passed to the session_id () function, this practice is as follows:
<?php
session_start(); // Start the Session
$_SESSION['count']; // registered Session variable Count
isset($PHPSESSID)?session_id($PHPSESSID):$PHPSESSID = session_id();
// If you set it $PHPSESSID , it will SessionID The assignment for $PHPSESSID Otherwise generate SessionID
$_SESSION['count']++; // variable count add 1
setcookie('PHPSESSID', $PHPSESSID, time()+3156000); // storage SessionID to Cookie In the
echo $count; // According to Session variable count The value of the
?>
If after a long time (how long? See for yourself) when you come back and refresh the page, the output is 1 more than it was when you left. If it is much bigger, it is estimated that who moved your computer, this test is not sure, ha ha... Go out again for a while!
Note: the 'PHPSESSID' in the setcookie line is not a given. If you encounter a webmaster with a modifier's disease, he may have modified it. The best way is to use the function phpinfo() to check the value of session.name.