2.1w+
社区成员
- 主页
...全文
当前发帖距今超过3年,不再开放新的回复
发表回复
_Shakespeare 2002-07-23
我觉得session就是为服务器和客户端之间的“交流”提供了一种安全而方便的手段。它会在客户端保留特殊的sessionID,当登陆时服务器验证这个ID---但是这也有不安全的因素,就是只有那些合法注册的用户才能得到sessionID,所以,有些人可以通过输入sessionID来达到看到它不应该看到的东西。以下是关于session的一些东西
Session对象
Session对象用于存储和接受有关某一特殊用户进程的信息。
集合
Session.Contents(Key)
所有在Session水平定义的,没有使用<OBJECT>的数据和对象的集合。Key是Session条目的名称。
Session.StaticObjects(Key)
所有使用<OBJECT>在Session水平定义的数据和对象的集合。Key是返回的属性。
方法
Session.Abadon
用于取消一个用户Session。破坏包含在用户Session中所有的数据和对象。
属性
Session.CodePage
指明当显示动态内容时,所使用的服务器代码页。
Session.LCTD
指明当显示动态内容时,所使用的局部标识。
Session.SessionID
一个用户session的唯一标识。
Session.TimeOut
在一个空闲session自动结束之前所等待的时间,该属性的缺省值为20分钟。
关于cookie :
在互联网上从来没有一种技术象cookie这么有争议,它是服务器在客户端保存的一些和用户有关的一些信息,以次来跟踪用户在互联网上的行为
session默认的变量就是cookie---全局变量--在php4以后实现了跨窗口的传递。当用户的浏览器禁止session时,session就用querystring来传递变量---就是平常看到的url中?后面的东西
浅妄薄见,望与斟酌
Session对象
Session对象用于存储和接受有关某一特殊用户进程的信息。
集合
Session.Contents(Key)
所有在Session水平定义的,没有使用<OBJECT>的数据和对象的集合。Key是Session条目的名称。
Session.StaticObjects(Key)
所有使用<OBJECT>在Session水平定义的数据和对象的集合。Key是返回的属性。
方法
Session.Abadon
用于取消一个用户Session。破坏包含在用户Session中所有的数据和对象。
属性
Session.CodePage
指明当显示动态内容时,所使用的服务器代码页。
Session.LCTD
指明当显示动态内容时,所使用的局部标识。
Session.SessionID
一个用户session的唯一标识。
Session.TimeOut
在一个空闲session自动结束之前所等待的时间,该属性的缺省值为20分钟。
关于cookie :
在互联网上从来没有一种技术象cookie这么有争议,它是服务器在客户端保存的一些和用户有关的一些信息,以次来跟踪用户在互联网上的行为
session默认的变量就是cookie---全局变量--在php4以后实现了跨窗口的传递。当用户的浏览器禁止session时,session就用querystring来传递变量---就是平常看到的url中?后面的东西
浅妄薄见,望与斟酌
fminhua 2002-07-23
session比cookie更安全,它的信息保存在服务器上。cookie的信息保存在客户端。
_Shakespeare 2002-07-22
看看session的发明人是怎么说的
PHP4 adds some session management functions that make our life easier when dealing with sessions. The ones we are interested in are:
--------------------------------------------------------------------------------
session_start();
session_register();
--------------------------------------------------------------------------------
session_start() is used to start up PHP4's session management capabilities; you need to call it before you use any of the other session functions. session_register() is used to tell PHP which variables to track in the session. A typical call to these functions would look like this:
session_register("SESSION");
This tells PHP to start up the session manager, and tells PHP that the variable called SESSION is a session variable. You can register as many session variables as you like, but I prefer to only register one session variable called SESSION, and anything I need persistent I put into this variable. For example, I like to say:
--------------------------------------------------------------------------------
session_register("SESSION");
$SESSION["var1"] = 5;
$SESSION["var2"] = 6;
--------------------------------------------------------------------------------
instead of
--------------------------------------------------------------------------------
session_register("var1");
session_register("var2");
$var1 = 5;
$var2 = 6;
--------------------------------------------------------------------------------
because after you register lots of session variables, you tend to forget what they were, well, at least I do :).
Anyhow, by now you probably want to see some code in action, so create a script called session_test.php somewhere accessible, and put into it:
--------------------------------------------------------------------------------
<?
session_start();
session_register("SESSION");
if (! isset($SESSION)) {
$SESSION["count"] = 0;
echo "<li>Counter initialized, please reload this page to see it increment";
} else {
echo "<li>Waking up session $PHPSESSID";
$SESSION["count"]++;
}
echo "<li>The counter is now $SESSION[count] ";
?>
--------------------------------------------------------------------------------
Fire that up in your browser, the first time you hit the page, it should say " Counter initialized, please reload this page to see it increment". Each time you reload it, the counter value should increment by one. You will also see the session ID. If it does, then hurray, your PHP4 session manager works :)
So how does this work? Well, when you call session_start(), PHP4 determines a unique session ID for the client. This session ID is an MD5 hash of something (not sure what), and it is stored as a cookie on the client's PC.
Now each time that client makes a request, PHP4 will read this session ID and load up the data for the session. When you call session_register(), you are telling PHP4 which variables you want kept in the session. Each page that loads up, the previous values for the registered variables will be reloaded, and each time the page ends PHP4 will save the values of the registered variables.
By default, PHP keeps track of the sessions in temporary files in the /tmp directory, take a listings and see for yourself:
You will see something like this:
--------------------------------------------------------------------------------
-rw------- 1 apache web 10 May 7 15:27 sess_6dd9ea8e61cd49cd3ad6de8c8b8885e8
-rw------- 1 apache web 10 May 7 19:49 sess_7d7f97afb6759948f554b00272494e52
-rw------- 1 apache web 6 May 9 01:00 sess_8ab78830e151add9d79b628958ce4eb9
-rw------- 1 apache web 31 May 9 11:41 sess_a3058a6bb1baf57f565c3844c8810f4b
-rw------- 1 apache web 30 May 9 11:42 sess_c379faad83ad3dc8ab6d22c14dbab3b4
-rw------- 1 apache web 6 May 8 01:00 sess_cd68a5054241aff1a8157c289683e869
-rw------- 1 apache web 34 May 7 15:17 sess_cd97e41912b28c44cc0481b7d978cb61
-rw------- 1 apache web 42 May 9 11:23 sess_d1285edd0c951c70b1aec17a5f602fc0
-rw------- 1 apache web 30 May 9 11:42 sess_da93f6e19b6be01257d7a6453766a23d
-rw------- 1 apache web 42 May 7 21:26 sess_e837123c1af78c538e89b47030fde337
--------------------------------------------------------------------------------
Each one of those files is a session, let's take a look at one of them (note, you probably have to su to root to peek inside a session file). Tip: don't just cut and paste the following commands, you need to specify the name of a real file:
--------------------------------------------------------------------------------
# more /tmp/sess_a3058a6bb1baf57f565c3844c8810f4b
--------------------------------------------------------------------------------
You will see something like this:
--------------------------------------------------------------------------------
SESSION|a:1:{s:5:"count";i:234;}
--------------------------------------------------------------------------------
Does that look familiar? It should if you've ever used the serialize() and unserialize() functions in PHP. If not, don't worry about it. Anyhow, I just wanted to illustrate how sessions were stored. You can rewrite the PHP session handlers to store sessions into a database or whatever else, but that's beyond the scope of this tutorial (but it's not hard at all).
另外,这里有一些php的不错的东西
http://unix.cdnet.edu.cn/LinuxDoc/LDP/HOWTO/PHP-HOWTO.html
浅妄薄见,望与斟酌
PHP4 adds some session management functions that make our life easier when dealing with sessions. The ones we are interested in are:
--------------------------------------------------------------------------------
session_start();
session_register();
--------------------------------------------------------------------------------
session_start() is used to start up PHP4's session management capabilities; you need to call it before you use any of the other session functions. session_register() is used to tell PHP which variables to track in the session. A typical call to these functions would look like this:
session_register("SESSION");
This tells PHP to start up the session manager, and tells PHP that the variable called SESSION is a session variable. You can register as many session variables as you like, but I prefer to only register one session variable called SESSION, and anything I need persistent I put into this variable. For example, I like to say:
--------------------------------------------------------------------------------
session_register("SESSION");
$SESSION["var1"] = 5;
$SESSION["var2"] = 6;
--------------------------------------------------------------------------------
instead of
--------------------------------------------------------------------------------
session_register("var1");
session_register("var2");
$var1 = 5;
$var2 = 6;
--------------------------------------------------------------------------------
because after you register lots of session variables, you tend to forget what they were, well, at least I do :).
Anyhow, by now you probably want to see some code in action, so create a script called session_test.php somewhere accessible, and put into it:
--------------------------------------------------------------------------------
<?
session_start();
session_register("SESSION");
if (! isset($SESSION)) {
$SESSION["count"] = 0;
echo "<li>Counter initialized, please reload this page to see it increment";
} else {
echo "<li>Waking up session $PHPSESSID";
$SESSION["count"]++;
}
echo "<li>The counter is now $SESSION[count] ";
?>
--------------------------------------------------------------------------------
Fire that up in your browser, the first time you hit the page, it should say " Counter initialized, please reload this page to see it increment". Each time you reload it, the counter value should increment by one. You will also see the session ID. If it does, then hurray, your PHP4 session manager works :)
So how does this work? Well, when you call session_start(), PHP4 determines a unique session ID for the client. This session ID is an MD5 hash of something (not sure what), and it is stored as a cookie on the client's PC.
Now each time that client makes a request, PHP4 will read this session ID and load up the data for the session. When you call session_register(), you are telling PHP4 which variables you want kept in the session. Each page that loads up, the previous values for the registered variables will be reloaded, and each time the page ends PHP4 will save the values of the registered variables.
By default, PHP keeps track of the sessions in temporary files in the /tmp directory, take a listings and see for yourself:
You will see something like this:
--------------------------------------------------------------------------------
-rw------- 1 apache web 10 May 7 15:27 sess_6dd9ea8e61cd49cd3ad6de8c8b8885e8
-rw------- 1 apache web 10 May 7 19:49 sess_7d7f97afb6759948f554b00272494e52
-rw------- 1 apache web 6 May 9 01:00 sess_8ab78830e151add9d79b628958ce4eb9
-rw------- 1 apache web 31 May 9 11:41 sess_a3058a6bb1baf57f565c3844c8810f4b
-rw------- 1 apache web 30 May 9 11:42 sess_c379faad83ad3dc8ab6d22c14dbab3b4
-rw------- 1 apache web 6 May 8 01:00 sess_cd68a5054241aff1a8157c289683e869
-rw------- 1 apache web 34 May 7 15:17 sess_cd97e41912b28c44cc0481b7d978cb61
-rw------- 1 apache web 42 May 9 11:23 sess_d1285edd0c951c70b1aec17a5f602fc0
-rw------- 1 apache web 30 May 9 11:42 sess_da93f6e19b6be01257d7a6453766a23d
-rw------- 1 apache web 42 May 7 21:26 sess_e837123c1af78c538e89b47030fde337
--------------------------------------------------------------------------------
Each one of those files is a session, let's take a look at one of them (note, you probably have to su to root to peek inside a session file). Tip: don't just cut and paste the following commands, you need to specify the name of a real file:
--------------------------------------------------------------------------------
# more /tmp/sess_a3058a6bb1baf57f565c3844c8810f4b
--------------------------------------------------------------------------------
You will see something like this:
--------------------------------------------------------------------------------
SESSION|a:1:{s:5:"count";i:234;}
--------------------------------------------------------------------------------
Does that look familiar? It should if you've ever used the serialize() and unserialize() functions in PHP. If not, don't worry about it. Anyhow, I just wanted to illustrate how sessions were stored. You can rewrite the PHP session handlers to store sessions into a database or whatever else, but that's beyond the scope of this tutorial (but it's not hard at all).
另外,这里有一些php的不错的东西
http://unix.cdnet.edu.cn/LinuxDoc/LDP/HOWTO/PHP-HOWTO.html
浅妄薄见,望与斟酌
spgoal 2002-07-22
特殊的COOKIE,生存期始于用户访问网站页面,终于用户离开网站
利用SESSION可以存储跨网页的全局变量
利用SESSION可以存储跨网页的全局变量
可乐加水 2002-07-22
其实就是在服务器上保存的登陆用户的个人信息!
用来确定该用户资料的
用来确定该用户资料的
Jade 2002-07-22
我是这样理解的:
1.是http这种无状态的协议的补充,可以保存一定的信息,用来实现与用户的交互.这个信息保存与服务器中.每个用户不相同.
2.有一定的时间限制,与用户上网的情况相吻合.一般从登录开始到一定的时间.
3.cookie保存在客户端,在安全不及session.
1.是http这种无状态的协议的补充,可以保存一定的信息,用来实现与用户的交互.这个信息保存与服务器中.每个用户不相同.
2.有一定的时间限制,与用户上网的情况相吻合.一般从登录开始到一定的时间.
3.cookie保存在客户端,在安全不及session.
The_east_key 2002-07-22
我对session理解不深,一点浮浅的理解,有不对的地方,也请指教
session的作用:session在用户访问时产生(当然,程序里使用session的情况下),它在服务器端通过web服务器,创建该用户专用的session空间,用来存储与该用户个人相关的信息。如登陆信息等。这种状态仅与该用户相关,与别的任何用户,甚至说,与该用户的别的浏览器都没有关系,这是安全上的实现。当用户进程的破弃发生时,该session执行两种任务,1是马上破弃,清除用户信息等。2是保留状态,一般是第二种情况,服务器一般设定一个session过期时间,如1分钟或半小时。之后,session破弃。在我们使用浏览器进行浏览时,通常会[碰到这样的情况,打开浏览器以后,有一段时间没有去进行任何工作,这时候,服务器端session破弃,启动清除session存储区,此时在进行任何工作,均会得到session过期的提示消息,可是参照hotmail
session可以用于全局控制,如安全信息的控制。及时进行用户验证等工作。
再一个,如需要实现购物小车,在线购物之类功能的程序的时候,session将会起到很大的作用。可以将需要的信息,及时地存储在session区,动态的进行访问等。
在开发一些较大规模的网站的时候,session就显得很有必要。
有什么不明白的地方,可以再联系。
session的作用:session在用户访问时产生(当然,程序里使用session的情况下),它在服务器端通过web服务器,创建该用户专用的session空间,用来存储与该用户个人相关的信息。如登陆信息等。这种状态仅与该用户相关,与别的任何用户,甚至说,与该用户的别的浏览器都没有关系,这是安全上的实现。当用户进程的破弃发生时,该session执行两种任务,1是马上破弃,清除用户信息等。2是保留状态,一般是第二种情况,服务器一般设定一个session过期时间,如1分钟或半小时。之后,session破弃。在我们使用浏览器进行浏览时,通常会[碰到这样的情况,打开浏览器以后,有一段时间没有去进行任何工作,这时候,服务器端session破弃,启动清除session存储区,此时在进行任何工作,均会得到session过期的提示消息,可是参照hotmail
session可以用于全局控制,如安全信息的控制。及时进行用户验证等工作。
再一个,如需要实现购物小车,在线购物之类功能的程序的时候,session将会起到很大的作用。可以将需要的信息,及时地存储在session区,动态的进行访问等。
在开发一些较大规模的网站的时候,session就显得很有必要。
有什么不明白的地方,可以再联系。
