当前位置: 文江博客话题详情

如何设置会话的生命周期

发布于 2024-11-16 02:19:23 字数 768 浏览 7 评论 0原文

如何在 PHP 中设置会话生命周期?只要请求存在,我想将其设置为永远。请求是AJAX。我处理 AJAX 请求的 PHP 代码是:

// AJAX.php
<?php    
session_start();

$_SESSION['counter'] = $_SESSION['counter'] + 1;

header('Content-type: application/json');    
echo json_encode(array('tick' => $_SESSION['counter']));
?>

和 JavaScript:

$(document).ready(function() {            
function check() {
    getJSON('ajax.php');        
}

function getJSON(url) {                                
    return $.getJSON(
                url,
                function(data) {
                    $("#ticker").html(data.tick);
                }
           );
}

setInterval(function() {
    check();
}, 10000); // Tick every 10 seconds

});

会话总是在 300 秒后重置。

原文

How to set session lifetime in PHP? I Want to set it to forever as long as the request is exist. The request is AJAX. My PHP code that handle AJAX request is:

// AJAX.php
<?php    
session_start();

$_SESSION['counter'] = $_SESSION['counter'] + 1;

header('Content-type: application/json');    
echo json_encode(array('tick' => $_SESSION['counter']));
?>

and the JavaScript:

$(document).ready(function() {            
function check() {
    getJSON('ajax.php');        
}

function getJSON(url) {                                
    return $.getJSON(
                url,
                function(data) {
                    $("#ticker").html(data.tick);
                }
           );
}

setInterval(function() {
    check();
}, 10000); // Tick every 10 seconds

});

The session always resets after 300 seconds.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

ぺ禁宫浮华殁 2024-11-23 02:19:23

PHP 上的会话使用 Cookie 类型的会话,而在服务器端,会话信息会不断被删除。

要在php中设置时间寿命,可以使用函数 session_set_cookie_params,在session_start之前:

session_set_cookie_params(3600,"/");
session_start();

例如,3600秒是一小时,2小时3600*2 = 7200。

但它是会话cookie,浏览器可以通过以下方式使其过期就其本身而言,如果您想保存大量时间的会话(例如记住登录),您需要将数据保存在服务器中并在客户端保存标准cookie。

您可以有一个表“Sessions”:

  • session_id int
  • session_hash varchar(20)
  • session_data text

并验证 Cookie,您在客户端保存“会话 id”和“哈希”(为了安全),并且可以保存会话的数据在服务器端,例如:

登录时:

setcookie('sessid', $sessionid, 604800);      // One week or seven days
setcookie('sesshash', $sessionhash, 604800);  // One week or seven days
// And save the session data:
saveSessionData($sessionid, $sessionhash, serialize($_SESSION)); // saveSessionData is your function

如果用户返回:

if (isset($_COOKIE['sessid'])) {
    if (valide_session($_COOKIE['sessid'], $_COOKIE['sesshash'])) {
        $_SESSION = unserialize(get_session_data($_COOKIE['sessid']));
    } else {
        // Dont validate the hash, possible session falsification
    }
}

显然,在发送数据之前保存所有会话/cookie 调用。

The sessions on PHP works with a Cookie type session, while on server-side the session information is constantly deleted.

For set the time life in php, you can use the function session_set_cookie_params, before the session_start:

session_set_cookie_params(3600,"/");
session_start();

For ex, 3600 seconds is one hour, for 2 hours 3600*2 = 7200.

But it is session cookie, the browser can expire it by itself, if you want to save large time sessions (like remember login), you need to save the data in the server and a standard cookie in the client side.

You can have a Table "Sessions":

  • session_id int
  • session_hash varchar(20)
  • session_data text

And validating a Cookie, you save the "session id" and the "hash" (for security) on client side, and you can save the session's data on the server side, ex:

On login:

setcookie('sessid', $sessionid, 604800);      // One week or seven days
setcookie('sesshash', $sessionhash, 604800);  // One week or seven days
// And save the session data:
saveSessionData($sessionid, $sessionhash, serialize($_SESSION)); // saveSessionData is your function

If the user return:

if (isset($_COOKIE['sessid'])) {
    if (valide_session($_COOKIE['sessid'], $_COOKIE['sesshash'])) {
        $_SESSION = unserialize(get_session_data($_COOKIE['sessid']));
    } else {
        // Dont validate the hash, possible session falsification
    }
}

Obviously, save all session/cookies calls, before sending data.

回复 原文
停滞 2024-11-23 02:19:23

将以下 php 参数设置为相同的值(以秒为单位):

session.cookie_lifetime
session.gc_maxlifetime

在 php.ini、.htaccess 中或例如

ini_set('session.cookie_lifetime', 86400);
ini_set('session.gc_maxlifetime', 86400);

一天。

链接:

http://www.php.net/manual/en/session.configuration .php

http://www.php.net/manual /en/function.ini-set.php

Set following php parameters to same value in seconds:

session.cookie_lifetime
session.gc_maxlifetime

in php.ini, .htaccess or for example with

ini_set('session.cookie_lifetime', 86400);
ini_set('session.gc_maxlifetime', 86400);

for a day.

Links:

http://www.php.net/manual/en/session.configuration.php

http://www.php.net/manual/en/function.ini-set.php

回复 原文
甜点 2024-11-23 02:19:23

在 PHP 7 之前,session_start() 函数不直接接受任何配置选项。现在你可以这样做

<?php
// This sends a persistent cookie that lasts a day.
session_start([
    'cookie_lifetime' => 86400,
]);
?>

参考:https://php. net/manual/en/function.session-start.php#example-5976

Prior to PHP 7, the session_start() function did not directly accept any configuration options. Now you can do it this way

<?php
// This sends a persistent cookie that lasts a day.
session_start([
    'cookie_lifetime' => 86400,
]);
?>

Reference: https://php.net/manual/en/function.session-start.php#example-5976

回复 原文
甜扑 2024-11-23 02:19:23

会话可以在 php.ini 文件或 .htaccess 文件中配置。查看 PHP 会话文档

您基本上要做的就是在 php.ini 中查找 session.cookie_lifetime 行,并将其值设置为 0,以便会话 cookie 在浏览器关闭之前一直有效。如果您无法编辑该文件,可以将 php_value session.cookie_lifetime 0 添加到 .htaccess 文件中。

Sessions can be configured in your php.ini file or in your .htaccess file. Have a look at the PHP session documentation.

What you basically want to do is look for the line session.cookie_lifetime in php.ini and make it's value is 0 so that the session cookie is valid until the browser is closed. If you can't edit that file, you could add php_value session.cookie_lifetime 0 to your .htaccess file.

回复 原文
凡间太子 2024-11-23 02:19:23

由于大多数会话都存储在 COOKIE 中(根据上述注释和解决方案),因此确保 COOKIE 被标记为安全 COOKIE(前面的 C#):

myHttpOnlyCookie.HttpOnly = true;

和/或 vie php.ini(自 php 5.3 起默认为 TRUE) :

session.cookie_httponly = True

Since most sessions are stored in a COOKIE (as per the above comments and solutions) it is important to make sure the COOKIE is flagged as a SECURE one (front C#):

myHttpOnlyCookie.HttpOnly = true;

and/or vie php.ini (default TRUE since php 5.3):

session.cookie_httponly = True
回复 原文
鱼窥荷 2024-11-23 02:19:23

我没有在任何地方看到这一点,但是在 PHP 文件本身中设置 ini_set('session.gc_maxlifetime', $max_lifetime); 如果 php.ini 文件具有 LOWER 值,并且服务器托管多个域/虚拟主机。如果您在 X 网站上有用户,并且 PHP 文件中的 maxlifetime 设置为 10 秒(不是实际值,这只是示例),然后在 php.ini 中将 maxlifetime 设置为 5,则会发生一些有趣/意外的情况如果您有多个域/虚拟主机。

当第二个用户访问在其 PHP 文件中设置了 ini_set('session.gc_maxlifetime', $max_lifetime); 的网站时,它默认为 php.ini 的内容,这将导致 PHP 的垃圾收集使用 5 秒而不是 10 秒作为 maxlifetime 来触发,从而删除应该持续至少 10 秒的用户会话。

因此,如果您的设置具有此功能并属于这种类型的场景,则此设置几乎永远不会出现在 PHP 文件本身中,而实际上应该出现在虚拟主机条目中。唯一的例外是,如果您的服务器仅托管 1 个网站/虚拟主机,则该网站/虚拟主机的 PHP 文件将始终覆盖 php.ini 中的任何内容。

发生这种情况是因为所有站点都使用相同的 tmp 目录来存储会话数据。另一个缓解解决方案是为每个虚拟主机设置会话 tmp 目录。还有另一个(不推荐)解决方案是通过将 php.ini 设置为 0 来完全禁用 session.cookie_lifetime

I dont see this mentioned anywhere, but setting ini_set('session.gc_maxlifetime', $max_lifetime); in the PHP file itself is usually not going to have the desired affect if the php.ini file has a LOWER value and the server hosts multiple domains/vhosts. If you have User on X website, and the maxlifetime is set to 10 seconds (not a real value, this is just for example) in the PHP file and then have the maxlifetime set to 5 in php.ini something interesting/unexpected will happen if you have multiple domains/vhosts.

When a 2nd user visits a site that HASNT set ini_set('session.gc_maxlifetime', $max_lifetime); in it's PHP file and it defaults to whatever php.ini has, that will cause PHP's garbage collection to fire using 5 seconds rather than 10 seconds as maxlifetime, thus deleting the user's session which was supposed to last at least 10 seconds.

Therefore, this setting should almost NEVER go in the PHP file itself and should actually be in the vhost entry if your setup has this capability and falls into this type of scenario. The only exception to this is if your server only hosts 1 website/vhost who's PHP files will always override whatever php.ini has.

This happens because all sites use the same tmp dir to store session data. Another mitigation solution would be to set the session tmp dir per vhost. And yet another (not recommended) solution is to simply disable session.cookie_lifetime completely in php.ini by setting it to 0.

回复 原文
ゝ偶尔ゞ 2024-11-23 02:19:23

只要用户不删除 cookie 或关闭浏览器,会话就应该保持存在。

As long as the User does not delete their cookies or close their browser, the session should stay in existence.

回复 原文
~没有更多了~

关于作者

追风人

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

佚名

文章 0 评论 0

今天

文章 0 评论 0

゛时过境迁

文章 0 评论 0

达拉崩吧

文章 0 评论 0

呆萌少年

文章 0 评论 0

孤者何惧

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文