Put simply, the session cookie ties a remote session to your browser as you navigate a given site. It contains a string usually along the lines of PHPSESSID=3432DFGDFG43523 which the remote server identifies as a session that it is managing.
From the PHP website:
A visitor accessing your web site is assigned a unique id, the
so-called session id. This is either stored in a cookie on the user
side or is propagated in the URL.
The session support allows you to store data between requests in the
$_SESSION superglobal array. When a visitor accesses your site, PHP
will check automatically (if session.auto_start is set to 1) or on
your request (explicitly through session_start() or implicitly through
session_register()) whether a specific session id has been sent with
the request. If this is the case, the prior saved environment is
recreated.
http://www.php.net/manual/en/intro.session.php
When session_destroy() is called, it doesn't quite behave as you'd expect. The session is destroyed remotely but the local cookie isn't removed. To do this you'd need to call setcookie(<session cookie name>) with a negative date to destroy it on the client side. Again, from the PHP website:
session_destroy() destroys all of the data associated with the current
session. It does not unset any of the global variables associated with
the session, or unset the session cookie. To use the session variables
again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the
session id must also be unset. If a cookie is used to propagate the
session id (default behavior), then the session cookie must be
deleted. setcookie() may be used for that.
http://www.php.net/manual/en/function.session-destroy.php
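
A full logout along the lines described above, as an added example that is not part of the original answer. The function name logout_current_session() is hypothetical, and the code assumes PHP 7.3 or later for the options-array form of setcookie().

```php
<?php
declare(strict_types=1);

// Hypothetical helper: ends the session on the server AND on the client.
function logout_current_session(): void
{
    // session_destroy() only works on an active session, so resume it first.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Empty the superglobal so the rest of this request sees no session data.
    //    session_destroy() does not unset these variables by itself.
    $_SESSION = [];

    // 2. Expire the session cookie in the browser. The path, domain and flags
    //    must match the ones the cookie was set with, otherwise the browser
    //    treats this as a different cookie and keeps the old one.
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $params  = session_get_cookie_params();
        $options = [
            'expires'  => time() - 42000,   // any time in the past
            'path'     => $params['path'],
            'domain'   => $params['domain'],
            'secure'   => $params['secure'],
            'httponly' => $params['httponly'],
        ];
        if (!empty($params['samesite'])) {
            $options['samesite'] = $params['samesite'];
        }
        setcookie(session_name(), '', $options);
    }

    // 3. Remove the session data held by the server, so the old id is
    //    worthless even if a copy of the cookie still exists somewhere.
    session_destroy();
}

logout_current_session();
```

Call it before any output is sent, because setcookie() needs to write a response header.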