问题描述
会话文件通常存储在服务器上的 /tmp/
中,并命名为 sess_{session_id}
.我一直在查看内容,但无法弄清楚它们究竟是如何工作的.
Session files are usually stored in, say, /tmp/
on the server, and named sess_{session_id}
. I have been looking at the contents and cannot figure out how they really work.
从文件中获取变量名和内容很容易.但是 PHP 如何知道哪个会话属于谁呢?
Fetching the variable name and and content from the file is easy. But how does PHP know what session belongs to whom?
session_id 似乎完全随机,一个 IP 地址可以有多个用户,如果每个用户打开多个浏览器窗口,则可以有多个会话.
The session_id seems totally random and one IP address can have several users, and each user can have several sessions if they have more than one browser window open.
那么它是如何工作的?
推荐答案
一般情况:
- 会话 ID 在创建会话时发送给用户.
- 它存储在 cookie 中(默认情况下称为
PHPSESSID
) - 该 cookie 由浏览器随每个请求发送到服务器
- 服务器 (PHP) 使用包含 session_id 的 cookie 来了解对应于该用户的文件.
sessions文件中的数据是$_SESSION
的内容,序列化(即表示为字符串——带有序列化) ;并在 PHP 加载文件时取消序列化,以填充 $_SESSION
数组.
The data in the sessions files is the content of $_SESSION
, serialized (ie, represented as a string -- with a function such as serialize) ; and is un-serialized when the file is loaded by PHP, to populate the $_SESSION
array.
有时,会话 ID 不会存储在 cookie 中,而是也通过 URL 发送——但现在这种情况非常罕见.
Sometimes, the session id is not stored in a cookie, but sent in URLs, too -- but that's quite rare, nowadays.
有关更多信息,您可以查看手册的会话处理部分,这提供了一些有用的信息.
For more informations, you can take a look at the Session Handling section of the manual, that gives some useful informations.
比如有一个关于传递Session ID的页面,其中解释了会话 ID 如何在页面之间、使用 cookie 或在 URL 中传递——以及哪些配置选项会影响这一点.
For instance, there is a page about Passing the Session ID, which explains how the session id is passed from page to page, using a cookie, or in URLs -- and which configuration options affect this.
这篇关于PHP 会话如何工作?(不是“它们是如何使用的?")的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!