PHP真正的SESSION对象

发布于 2024-08-23 22:49:46 字数 1440 浏览 11 评论 0原文

编辑:(已更新)

也许我的问题不够清楚。好吧,让我们这样说:

$arr["a"] = 10; 
var_dump($arr);
$arr["b"] =& $arr["a"];
var_dump($arr);

第一个 var_dump 返回:

array
  'a' => int 10

而第二个返回:

array
  'a' => &int 10
  'b' => &int 10

如果我 unset($arr["a"]) 它将返回:

array
  'b' => int 10

规则是,当 2 个或更多时变量“指向”相同的内容 var_dump 将使用与字符 (&) 显示引用。

对于 $_SESSION,即使使用 register_long_arrays = Off $_SESSION 仍然显示引用。所以很明显其他变量也指向相同的内容。

换句话说,如果我取消设置($_SESSION),则仍有其他变量可以链接到。在上面的示例中,当我unset($arr["a"])时,如果我创建链接,我仍然可以恢复该内容,例如:$arr["z"] = & $arr["b"].

所以,我最初的问题是,有谁知道另一个变量是什么?这样的变量很可能不存在...但我想知道为什么 PHP 内部显示该引用。

谢谢


(原始问题:)

例如,当您在 PHP 中创建会话时:

session_start();
$_SESSION["name"] = "my name";

并使用以下命令转储 GLOBAL 变量:

var_dump($GLOBALS);

您将看到类似以下内容:

  'HTTP_SESSION_VARS' => &
    array
      'name' => string 'my name' (length=7)
  '_SESSION' => &
    array
      'name' => string 'my name' (length=7)
  'HTTP_SERVER_VARS' => 
    array
      ...

如您所见,变量 $GLOBAL[HTTP_SESSION_VARS] 和 $_SESSION 都是 对其他对象内容的引用...有人知道那个对象是哪个吗?

理论上,如果我取消设置这两个变量,一定可以访问该变量 内容……有什么线索吗?

谢谢你!

EDIT: (UPDATED)

Maybe my question was not clear enough. Ok, lets put it this way:

$arr["a"] = 10; 
var_dump($arr);
$arr["b"] =& $arr["a"];
var_dump($arr);

the first var_dump returns:

array
  'a' => int 10

While the second one returns:

array
  'a' => &int 10
  'b' => &int 10

If I unset($arr["a"]) it will return:

array
  'b' => int 10

The rule is, when 2 or more variables "points" to the same content var_dump will display the reference with an ampersand character (&).

In the case of $_SESSION, even with register_long_arrays = Off $_SESSION still shows a reference. So it is obvious that other variable is also pointing to the same content.

In other words, if I unset($_SESSION) there is still other variable somewhere that can be linked to. In the above example, when I unset($arr["a"]) I can still recover that content if I create a link, something like: $arr["z"] =& $arr["b"].

So, my original question was, does anyone know WHICH is that other variable? It is very probable that such variable do not exists... but I was wondering why inside PHP shows that reference.

Thank you


(Original question:)

When you create a session in PHP, for example:

session_start();
$_SESSION["name"] = "my name";

and dump the GLOBAL variables with:

var_dump($GLOBALS);

you will see something like:

  'HTTP_SESSION_VARS' => &
    array
      'name' => string 'my name' (length=7)
  '_SESSION' => &
    array
      'name' => string 'my name' (length=7)
  'HTTP_SERVER_VARS' => 
    array
      ...

As you can see, both variables $GLOBAL[HTTP_SESSION_VARS] and $_SESSION are
references to other object's content... Do anyone knows which is that object?

In theory, if I unset both variables, somehow It must be possible to access that
content... any clue?

Thank you!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

梦一生花开无言 2024-08-30 22:49:46

$HTTP_SESSION_VARS 是旧的,已弃用,$_SESSION 的名称 - 您不应该再使用它。

这些 $HTTP_*_VARS 变量不一定被设置:只有在 register_long_arrays 配置指令已启用 - 并且使用最新版本的 PHP(即 PHP 5.3),它已被弃用。

For instance, on my server, which is running PHP 5.3.2, the portion of code that you gave :

session_start();
$_SESSION["name"] = "my name";
var_dump($GLOBALS);

仅输出(在几次刷新之后,这解释了 PHPSESSID cookie 的存在)

array
  'GLOBALS' => 
    &array
  '_POST' => 
    array
      empty
  '_GET' => 
    array
      empty
  '_COOKIE' => 
    array
      'PHPSESSID' => string 'fnlujfapqg7kdk1ocve6ndb282' (length=26)
  '_FILES' => 
    array
      empty
  '_SESSION' => &
    array
      'name' => string 'my name' (length=7)

没有任何 $HTTP_*_VARS 变量的痕迹: register_long_arrays 配置指令已禁用。

$HTTP_SESSION_VARS is the old, deprecated, name for $_SESSION -- you should not use that anymore.

Those $HTTP_*_VARS variables are not necessarily set : they will only be if the register_long_arrays configuration directive is enabled -- and, with recent versions of PHP (i.e. PHP 5.3), it has been deprecated.

For instance, on my server, which is running PHP 5.3.2, the portion of code that you gave :

session_start();
$_SESSION["name"] = "my name";
var_dump($GLOBALS);

Only outputs (after a couple of refresh, which explains the presence of the PHPSESSID cookie) :

array
  'GLOBALS' => 
    &array
  '_POST' => 
    array
      empty
  '_GET' => 
    array
      empty
  '_COOKIE' => 
    array
      'PHPSESSID' => string 'fnlujfapqg7kdk1ocve6ndb282' (length=26)
  '_FILES' => 
    array
      empty
  '_SESSION' => &
    array
      'name' => string 'my name' (length=7)

No trace of any $HTTP_*_VARS variable : the register_long_arrays configuration directive is disabled.

感受沵的脚步 2024-08-30 22:49:46

HTTP_SESSION_VARS不是为了向后兼容吗?

Isn't HTTP_SESSION_VARS for backward compatibility?

扭转时空 2024-08-30 22:49:46

它是存储在会话文件中的数据数组,会话文件是存储在服务器上的实际临时文件。就像它们都指向的那样,它是一个数组,没有“Session”对象。当您运行 session_start 时,这些值会被填充,它基本上根据该用户的 PHPSESSID cookie 从文件中加载数据。

It's an array of data that is stored in the session file, which is an actual temporary file stored on the server. Like both of them point to, it's an array, there is no 'Session' object. Those values are filled in when you run session_start which basically loads the data from the file based on the PHPSESSID cookie for that user.

私藏温柔 2024-08-30 22:49:46

好吧,在 PHP 5 中,保留 $HTTP_SESSION_VARS 只是出于兼容性原因。强烈建议您改用 $_SESSION。来自 PHP 手册:

$HTTP_SESSION_VARS 包含相同的初始信息,但不是超全局的。
(注意> $HTTP_SESSION_VARS 和 $_SESSION 是不同的变量并且 PHP 处理
他们本身)

编辑
你说你“已经知道了”!?那你的问题是什么? $_SESSION 不是一个对象,毕竟它是一个 ARRAY,一个超全局变量。没有方法,没有成员。您可以像访问任何其他数组一样访问它的值:$_SESSION['key']

您可以编写自己的 Session 类来封装 PHP 的会话管理。使用 session_set_save_handler 方法绕过内置会话管理并实现自己的逻辑。

问候。

Well, in PHP 5 $HTTP_SESSION_VARS is kept for compatibility reasons only. You are strongly encouraged to use $_SESSION instead. From the PHP manual:

$HTTP_SESSION_VARS contains the same initial information, but is not a superglobal.
(Note > that $HTTP_SESSION_VARS and $_SESSION are different variables and that PHP handles
them as such)

EDIT
You say you "already know that"!? What's your question then? $_SESSION is NOT an object, after all, it's an ARRAY, a superglobal variable. No methods, no members. You can access it's values like you would with any other array: $_SESSION['key'].

You could write your own Session class that wraps around PHP's session management. Use the session_set_save_handler method to bypass the built in session management and implement your own logic.

Regards.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文