session_set_cookie_params()

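Sets the session cookie parameters for the session.
Sessions are stored on the server (by default, sessions are stored as files). The server uses the session id supplied by the client to find the user's file and read the values of the variables. The session id can be sent to the server in a client cookie or in the HTTP/1.1 Query_String (the part of the requested URL after the "?"), and the server then reads the session directory…. In other words, the session id is the identity card for retrieving the session variables stored on the server. When the code session_start(); runs, a session file is created on the server, along with a session id that uniquely corresponds to it, and the session variables you define are stored in some form in that newly created session file. With the session id, the defined variables can be retrieved. After moving to another page, to use the session you must run session_start(); again, which creates another session file with its own corresponding session id. That session id cannot retrieve the variables in the first session file mentioned above, because it is not the "key" that opens it. If you add the code session_id($session id); before session_start();, no new session file is created and the session file corresponding to that id is read directly. Following this idea, I only need to store the session_id in a cookie to use the session normally.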
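Follow-up question:
After moving to another page, to use the session you must run session_start(); again, which creates another session file with its own corresponding session id. That session id cannot retrieve the variables in the first session file mentioned above, because it is not the "key" that opens it. If you add the code session_id($session id); before session_start();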

Then is session_start() still needed on the new page? Isn't the lifetime of a session one session? Why is session_start() still needed after moving to another page?
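Follow-up answer:
The session has a single lifetime, but if different pages are to use the same session variable, session_start() has to be added on each of those pages; otherwise you cannot use the session on another page. So, for convenience, use session_set_cookie_params to store the session variables in a cookie and the session can be used normally, so that session_start() does not have to be called on every page.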
<div class="post-text" itemprop="text">
<p>I'm using a slightly modified version of the login scripts found <a href="http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL" rel="nofollow">here</a>, and have run into behavior I think is coming from session_set_cookie_params() that I do not understand.</p>
<p>I am using sessions, cookies, and header() to redirect users to a login page, then back to the page they requested. My problem was that, even though the initial page and the login page use the same function to handle sessions and cookies, two separate cookies were being set; one for www.example.com and one for example.com. This was preventing a session variable set on the initial page from being read after login.</p>
<p>Here is an example of code from any requested page:</p>
<pre><code>requireSSL();
sec_session_start();

if (login_check($mysqli) == false) {
    $_SESSION['origURL'] = $_SERVER['REQUEST_URI'];
    header('Location: https://www.example.com/login.php');
    exit();
}
</code></pre>
<p>Here are the functions:</p>
<pre><code>function requireSSL() {
    if ($_SERVER["HTTPS"] != "on") {
        header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
        exit();
    }
}

function sec_session_start() {
    $session_name = 'sec_session_id'; // Set a custom session name
    $secure = true;                   // Set to true if using https.
    $httponly = true;                 // This stops javascript being able to access the session id.

    ini_set('session.use_only_cookies', 1);      // Forces sessions to only use cookies.
    $cookieParams = session_get_cookie_params(); // Gets current cookies params.
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
    session_name($session_name);  // Sets the session name to the one set above.
    session_start();              // Start the php session
    session_regenerate_id(true);  // regenerated the session, delete the old one.
}
</code></pre>
<p>Although I was able to "fix" this behavior by explicitly stating a domain in session_set_cookie_params() (e.g. "example.com"), I would <strong>love</strong> to understand why two cookies were being set in the first place. Thanks!</p>
</div>
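Added example (not part of the question above and not code from the linked tutorial): a small model of browser cookie scoping, run from the PHP CLI, showing which of the question's two host names receives the session cookie when the domain is empty versus set to "example.com". It assumes `session.cookie_domain` is at its default empty value, so `session_get_cookie_params()["domain"]` returns `''`; the function names `cookie_sent_to` and `start_scoped_session` are hypothetical.

```php
<?php
// Added example. Simplified RFC 6265 model: it does not cover the browser
// rejecting a Domain attribute that does not match the setting host.

// True if a cookie set by $setByHost with the given Domain attribute
// would be sent on a request to $requestHost.
function cookie_sent_to(string $setByHost, string $domainAttr, string $requestHost): bool
{
    $requestHost = strtolower($requestHost);
    if ($domainAttr === '') {
        // No Domain attribute: host-only cookie, exact host match required.
        return $requestHost === strtolower($setByHost);
    }
    $domain = strtolower(ltrim($domainAttr, '.'));
    // Domain attribute present: the domain itself and its subdomains match.
    return $requestHost === $domain
        || substr($requestHost, -strlen('.' . $domain)) === '.' . $domain;
}

// Host names taken from the question.
$hosts = ['example.com', 'www.example.com'];

foreach (['', 'example.com'] as $domainAttr) {
    $label = $domainAttr === '' ? '(empty default)' : $domainAttr;
    foreach ($hosts as $setBy) {
        foreach ($hosts as $req) {
            printf("domain=%-16s set on %-16s sent to %-16s %s\n",
                $label, $setBy, $req,
                cookie_sent_to($setBy, $domainAttr, $req) ? 'yes' : 'no');
        }
    }
}

// Session start with the cookie scope pinned instead of inherited.
// Defined only; it is not called when this file runs from the CLI.
function start_scoped_session(string $domain): void
{
    ini_set('session.use_only_cookies', '1');
    // lifetime 0 (browser session), path '/', explicit domain,
    // secure = true (HTTPS only), httponly = true (hidden from JavaScript).
    session_set_cookie_params(0, '/', $domain, true, true);
    session_name('sec_session_id');
    session_start();
}
```

An explicit domain also sends the session cookie to every other subdomain of example.com. Redirecting all requests to a single canonical host keeps the cookie host-only while still leaving only one cookie in play.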