先确认会话是否自动开启还是需要通过session_start()来手动开启
; 指定会话模块是否在请求开始时自动启动一个会话默认为 (不启动)
; Initialize session on request startup
;
sessionauto_start =
在客户端会话可以存储在cookie或者通过URL参数来获取依赖于服务器的配置
; 指定是否在客户端用 cookie 来存放会话 ID默认为 (启用)
; Whether to use cookies
;
sessionuse_cookies =
; 指定是否在客户端仅仅使用 cookie 来存放会话 ID启用此设定可以防止有关通过 URL 传递会话 ID 的攻击
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id We encourage this operation as its very helpful in combatting
; session hijacking when not specifying and managing your own session id It is
; not the end all be all of session hijacking defense but its a good start
;
sessionuse_only_cookies =
如果确认存储在cookie中则可以进一点配置会话存储在cookie中的各项配置如cookie_namecookie_lifetimecookie_pathcookie_domaincookie_securecookie_httponly
; Name of the session (used as cookie name)
;
sessionname = PHPSESSID
; Lifetime in seconds of cookie or if until browser is restarted
;
sessioncookie_lifetime =
; The path for which the cookie is valid
;
sessioncookie_path = /
; The domain for which the cookie is valid
;
sessioncookie_domain =
; Whether or not to add the httpOnly flag to the cookie which makes it inaccessible to browser scripting languages such as JavaScript
;
sessioncookie_httponly =
在服务器端同样也可以通过多种方式来存储会话默认会话存储在文件中此时sessionsave_path为创建存储文件的路径
; Handler used to store/retrieve data
;
sessionsave_handler = files
; Argument passed to save_handler In the case of files this is the path
; where data files are stored Note: Windows users have to change this
; variable in order to use PHP
s session functions
;
; The path can be defined as:
;
; sessionsave_path = "N;/path"
;
; where N is an integer Instead of storing all the session files in
; /path what this will do is use subdirectories Nlevels deep and
; store the session data in those directories This is useful if you
; or your OS have problems with lots of files in one directory and is
; a more efficient layout for servers that handle lots of sessions
;
; NOTE : PHP will not create this directory structure automatically
; You can use the script in the ext/session dir for that purpose
; NOTE : See the section on garbage collection below if you choose to
; use subdirectories for session storage
;
; The file storage module creates files using mode by default
; You can change that by using
;
; sessionsave_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode Note that this
; does not overwrite the processs umask
;
;sessionsave_path = "/tmp"
PHP支持通过session_set_save_handler来实现会话处理器的自定义open close read write destroy gc处理函数常见的会话处理器包括使用内存型分配(如mmmemcache等)也可以使用数据库进行存储由此可见若需要会话存储与文件系统(例如用数据库PostgreSQL Session Save Handler或默认的文件存储files)协同工作的此时有可能造成用户定制的会话处理器丢失了未存储数据的会话若使用内存型分配存储又需要考虑会话持久化存储问题
接下来重点讲解memcache(d?)会话处理器
Memcache模块提供了于memcached方便的面向过程及面向对象的接口memcached是为了降低动态web应用 从数据库加载数据而产生的一种常驻进程缓存产品
Memcache模块同时提供了一个session 处理器 (memcache)
更多关于memcached的信息请参见»
memcached是一个高性能分布式的内存对象缓存系统 通常被用于降低数据库加载压力以提高动态web应用的响应速度
此扩展使用了libmemcached库提供的api与memcached服务端进行交互它同样提供了一个session处理器(memcached) 它同时提供了一个session处理器(memcached)
关于libmemcached的更多信息可以在» 查看
memcache会话处理器配置
sessionsave_handler = memcache
sessionsave_path = "tcp://:?persistent=&weight=&timeout=&retry_interval=tcp://:?persistent=&weight=&timeout=&retry_interval=tcp://:?persistent=&weight=&timeout=&retry_interval=tcp://:?persistent=&weight=&timeout=&retry_interval="
数据库处理器可以使用Session PgSQL来实现(此扩展被认为已无人维护)也可以使用其它数据库来实现会话存储只不过需要自定义处理器函数functionsessionsetsavehandlerphp具体自定义处理器可参见maria at junkies dot jp
