看看session的发明人是怎么说的
PHP4 adds some session management functions that make our life easier when dealing with sessions. The ones we are interested in are:
session_start() is used to start up PHP4's session management capabilities; you need to call it before you use any of the other session functions. session_register() is used to tell PHP which variables to track in the session. A typical call to these functions would look like this:
session_register("SESSION");
This tells PHP to start up the session manager, and tells PHP that the variable called SESSION is a session variable. You can register as many session variables as you like, but I prefer to only register one session variable called SESSION, and anything I need persistent I put into this variable. For example, I like to say:
--------------------------------------------------------------------------------
because after you register lots of session variables, you tend to forget what they were, well, at least I do :).
Anyhow, by now you probably want to see some code in action, so create a script called session_test.php somewhere accessible, and put into it:
if (! isset($SESSION)) {
$SESSION["count"] = 0;
echo "<li>Counter initialized, please reload this page to see it increment";
} else {
echo "<li>Waking up session $PHPSESSID";
$SESSION["count"]++;
}
echo "<li>The counter is now $SESSION[count] ";
?>
Fire that up in your browser, the first time you hit the page, it should say " Counter initialized, please reload this page to see it increment". Each time you reload it, the counter value should increment by one. You will also see the session ID. If it does, then hurray, your PHP4 session manager works :)
So how does this work? Well, when you call session_start(), PHP4 determines a unique session ID for the client. This session ID is an MD5 hash of something (not sure what), and it is stored as a cookie on the client's PC.
Now each time that client makes a request, PHP4 will read this session ID and load up the data for the session. When you call session_register(), you are telling PHP4 which variables you want kept in the session. Each page that loads up, the previous values for the registered variables will be reloaded, and each time the page ends PHP4 will save the values of the registered variables.
By default, PHP keeps track of the sessions in temporary files in the /tmp directory, take a listings and see for yourself:
-rw------- 1 apache web 10 May 7 15:27 sess_6dd9ea8e61cd49cd3ad6de8c8b8885e8
-rw------- 1 apache web 10 May 7 19:49 sess_7d7f97afb6759948f554b00272494e52
-rw------- 1 apache web 6 May 9 01:00 sess_8ab78830e151add9d79b628958ce4eb9
-rw------- 1 apache web 31 May 9 11:41 sess_a3058a6bb1baf57f565c3844c8810f4b
-rw------- 1 apache web 30 May 9 11:42 sess_c379faad83ad3dc8ab6d22c14dbab3b4
-rw------- 1 apache web 6 May 8 01:00 sess_cd68a5054241aff1a8157c289683e869
-rw------- 1 apache web 34 May 7 15:17 sess_cd97e41912b28c44cc0481b7d978cb61
-rw------- 1 apache web 42 May 9 11:23 sess_d1285edd0c951c70b1aec17a5f602fc0
-rw------- 1 apache web 30 May 9 11:42 sess_da93f6e19b6be01257d7a6453766a23d
-rw------- 1 apache web 42 May 7 21:26 sess_e837123c1af78c538e89b47030fde337
Each one of those files is a session, let's take a look at one of them (note, you probably have to su to root to peek inside a session file). Tip: don't just cut and paste the following commands, you need to specify the name of a real file:
Does that look familiar? It should if you've ever used the serialize() and unserialize() functions in PHP. If not, don't worry about it. Anyhow, I just wanted to illustrate how sessions were stored. You can rewrite the PHP session handlers to store sessions into a database or whatever else, but that's beyond the scope of this tutorial (but it's not hard at all).