简体繁体 English

PHP - 默认会话处理与自定义会话处理

[英]PHP - Default session handling vs. custom session handling

原文 2009-11-08 12:23:57 2 1 php/ session

I have never tried a custom session handler so far in PHP, and with me thinking of picking up a framework (either CodeIgniter or Kohana), I see that there is an option to use a pre-built custom session handler. 到目前为止，我从未在PHP中尝试过自定义会话处理程序，并且考虑到选择框架（CodeIgniter或Kohana），我看到有一个选项可以使用预构建的自定义会话处理程序。 What are the pros and cons of going to a system in which session data is stored in the DB? 进入会话数据存储在DB中的系统的优缺点是什么？ In what ways does a custom session handler improves security and maintainability? 自定义会话处理程序以何种方式提高安全性和可维护性？

One pro which I can think of if you are on a shared webhost, and the webhost's temp folder is full, an attempt to open a session may fail. 如果您在共享的虚拟主机上并且webhost的临时文件夹已满，我可以想到一个专业人员，尝试打开会话可能会失败。 However, if the webhost's MySQL goes away, it's as equally futile. 但是，如果webhost的MySQL消失了，那同样是徒劳的。

Would appreciate any advice or guidelines. 非常感谢任何建议或指导。 Thanks! 谢谢！

1 个解决方案

If you dig a little deeper into PHP's default session handling, you will probably discover some things that are inaccurate in some way. 如果你深入研究PHP的默认会话处理，你可能会发现一些在某些方面不准确的东西。 Just like the session lifetime that actually is quite important but can be inaccurate in some cases (see How long will my session last? and How do I expire a PHP session after 30 minutes? ). 就像会话生命周期实际上非常重要但在某些情况下可能不准确（请参阅我的会话将持续多长时间？以及如何在30分钟后使PHP会话到期？ ）。

So it might be necessary to implement your own session handler that does fixes this inaccuracy. 因此，可能需要实现自己的会话处理程序来修复此不准确性。

Other reasons can be security and performance. 其他原因可能是安全性和性能。 PHP's default session handler uses files that could be accessed by others, be it intentionally or unintentionally. PHP的默认会话处理程序使用其他人可以访问的文件，无论是有意还是无意。 Using a protected database can make your data more secure and its caching abilities could speed things up. 使用受保护的数据库可以使您的数据更安全，其缓存能力可以加快速度。 You could also use chaches like memcached to increase the access times even more. 您还可以使用像memcached这样的聊天来进一步增加访问时间。