Session实现原理分析

http://www.jb51.net/article/77726.htm

PHP第一次会话时会有Set-Cookie响应头返回,设置上PHPSESSID cookie

  1. Cache-Control:
    no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  2. Connection:
    Keep-Alive
  3. Content-Length:
    4865
  4. Content-Type:
    text/html; charset=utf-8
  5. Date:
    Mon, 09 Apr 2018 03:24:55 GMT
  6. Expires:
    Thu, 19 Nov 1981 08:52:00 GMT
  7. Keep-Alive:
    timeout=5, max=99
  8. Pragma:
    no-cache
  9. Server:
    ***********************************************
  10. Set-Cookie:
    PHPSESSID=710f5dca0eb5ded010b840603c469f2d; path=/
  11. X-Powered-By:
    **********

PHP之后的请求都会带上这个cookie作为标识,从而php能够从服务端的seesion管理中根据seesionid找到该回话的信息

  1. Accept:
    image/webp,image/apng,image/*,*/*;q=0.8
  2. Accept-Encoding:
    gzip, deflate
  3. Accept-Language:
    zh-CN,zh;q=0.9
  4. Connection:
    keep-alive
  5. Cookie:
    PHPSESSID=710f5dca0eb5ded010b840603c469f2d
  6. Host:
    production.whport.com.cn:30000
  7. Referer:
    http://production.whport.com.cn:30000/SON_EXAM/user/login.php
  8. User-Agent:
    Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

关了浏览器,自然这个会话就没了。

如果设置了 session生存期,即使一直开着浏览器,超过生存期后访问,session实际已经被php释放了。自然就失效了(带过去之前的PHPSESSID也没用)。

 

JSP类似

Set-Cookie:
JSESSIONID=AADB315CC23EC42FC100C88C5280FAD7; Path=/BaseApp; HttpOnly
 
Cookie:
JSESSIONID=AADB315CC23EC42FC100C88C5280FAD7; pgv_pvi=6651742208
posted @ 2018-04-09 11:31  老豆芽  阅读(194)  评论(0编辑  收藏  举报