Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to understand the problem of setting a strict 30-minute expired Session in PHP". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to understand the problem of setting a strict 30-minute expired Session in PHP".

The first answer

So, one of the most common answers is to set the expiration time of Session, that is, session.gc_maxlifetime, which is incorrect for the following reasons:

1. First of all, this PHP runs session's gc with a certain probability, that is, session.gc_probability and session.gc_divisor (see a Permission denied Notice solution that PHP encounters with Session). The default values are 1 and 100, respectively, which means there is a 1% chance that PHP will run Session gc when a Session starts. There is no guarantee that it will expire in 30 minutes.

two。 What about setting up a high probability of cleaning up? It's still inappropriate. Why? Because PHP uses the modification time of stat Session files to determine whether it expires, increasing this probability will degrade performance, and secondly, PHP uses "one" file to save Session variables related to a session. Suppose I set a Session variable for astat1 5 minutes ago, and then set a Seesion variable for bail2 5 minutes later, then the modification time of this Session file is the time when b is added. Then a cannot be cleaned in 30 minutes. There is also a third reason.

3. PHP defaults (Linux as an example), which uses / tmp as the default storage directory for Session, and is also described in the manual as follows:

Note: if different scripts have different session.gc_maxlifetime values but share the same place to store session data, the script with the lowest value cleans up the data. In this case, use this directive with session.save_path.

In other words, if two applications do not specify their own independent save_path, one sets the expiration time to 2 minutes (assuming A) and the other sets to 30 minutes (assuming B), then every time A's Session gc runs, the Session files belonging to Application B will be deleted at the same time.

Therefore, the first answer is not "completely strict" correct.

The second answer

Another common answer is to set the carrier of Session ID, the expiration time of Cookie, that is, session.cookie_lifetime. This answer is also incorrect for the following reasons:

This expiration is only Cookie expiration, in other words, this point examines the difference between Cookie and Session. Session expiration is the server expiration, while Cookie expiration is guaranteed by the client (browser). Even if you set Cookie expiration, this can only guarantee that the Cookie (including Session ID) will not be sent when the standard browser expires. If you construct a request, you can still use the value of this Session ID.

The third answer

Using memcache, redis, etc., okey, this kind of answer is a correct answer. However, it is obvious that the author will continue to ask you, what if you just use PHP?

The fourth answer

Of course, the interview is not for you, but to examine the thoughtfulness of thinking. I will point out these traps in the process, so generally speaking, the way to meet the meaning of the question is:

1. Set the expiration time of Cookie to 30 minutes, and set the lifetime of Session to 30 minutes.

two。 Add Time stamp for each session value yourself.

3. Judge the timestamp before each visit.

Thank you for your reading, the above is "how to understand the problem of setting a strict 30-minute expired Session in PHP". After the study of this article, I believe you have a deeper understanding of how to understand the problem of setting a strict 30-minute expired Session in PHP, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.