简介
在PHP中支持Session是为了提供一种方法去保存一些交叉并发访问的数据。这可以使你建立更多用户化的应用,提高你站点的吸引力。
访问网站的来客会被分配一个唯一的标识符,即所谓的会话 ID。它要么存放在客户端的 cookie,要么经由 URL 传递。
会话支持允许用户注册任意数目的变量并保留给各个请求使用。当来客访问网站时,PHP 会自动(如果 session.auto_start 被设为 1)或在用户请求时(由 session_start() 明确调用或 session_register() 暗中调用)检查请求中是否发送了特定的会话 ID。如果是,则之前保存的环境就被重建。
小心 如果确实启用了 session.auto_start,则不能将对象放入会话中,因为类定义必须在启动会话之前加载以在会话中重建对象。
All registered variables are serialized after the request finishes. Registered variables which are undefined are marked as being not defined. On subsequent accesses, these are not defined by the session module unless the user defines them later.
请求完成后,所有的注册变量将被连续装载起来。没有被定义的注册变量会被标记为没被定义。在其它访问中,这些变量没有被session module定义,除非用户后来定义了。
注意: 1 会话处理是 PHP 4.0 添加的。
注意: 2 注意在使用会话时除非用 session_register() 函数注册了一个变量或者将一个新的键添加到了 $_SESSION 超全局数组中去,否则会话的记录不会被创建。不管会话是否用 session_start() 函数启动都是如此。
Sessions 和 安全
session模块不能保证存放在会话中的信息只能被创建该会话的用户看到。根据其存放的数据,还需要采取更多措施来主动保护会话的完整性。
评估会话中携带的数据并实施附加保护措施――这通常要付出代价,降低用户的方便程度。例如,如果要保护用户免于受简单的社交策略侵害(注:指在 URL 中显示的会话 ID 会被别人在电脑屏幕上看到,或被别的网站通过 HTTP Referer 得到等),则应该启用 session.use_only_cookies。此情形下,客户端必须无条件启用 cookie,否则会话就不工作。
有几种途径会将现有的会话 ID 泄露给第三方。泄露出的会话 ID 使第三方能够访问所有与指定 ID 相关联的资源。第一,URL 携带会话 ID。如果连接到外部站点,包含有会话 ID 的 URL 可能会被存在外部站点的 Referer 日志中。第二,较主动的攻击者可能会侦听网段的数据包。如果未加密,会话 ID 会以明文方式在网络中流过。对此的解决方式是在服务器上实施 SSL 并强制用户使用。 (只有这样才能真正放心吧)
注: 如果你正在使用缺省的基于文件的session处理器,你的文件系统必须可以跟踪保留访问时间(atime)。Windows FAT 就不行,如果你喜欢FAT文件系统或任何其它不支持跟踪访问时间的文件系统,你必须使用其它方法去操作垃圾收集器 。自从PHP4.2.3版本开始,它已经用mtime(修改时间)代替atime。所以,你不必担心不支持atime的文件系统会有问题。
Session.hash_function 允许你指定用于产生session Ids的无序数的运算法则。’0’的意思是用“MD5(128位)”,’1’的意思是用SHA-1(160位)。
注: This was introduced in PHP 5.
注:这个在PHP5中被引入。
session.hash_bits_per_character integer
session.hash_bits_per_character allows you to define how many bits are stored in each character when converting the binary hash data to something readable. The possible values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",").
Session.hash_bits_per_character 当转换这个二进制无序数据为易读的数据时,让你定义每一个字符存储多少位。其可能的变量是'4' (0-9, a-f), '5' (0-9, a-v), 和 '6' (0-9, a-z, A-Z, "-", ",")
注: This was introduced in PHP 5.
注:这个在PHP5中被引入。
url_rewriter.tags string
自 PHP 4.1.0 起,$_SESSION 如同 $_POST,$_GET,$_REQUEST 等一样成为全局数组。与 $HTTP_SESSION_VARS 不同,$_SESSION 总是具有全局范围。因此不要对 $_SESSION 使用 global 关键字。注意本文档已被改为在所有地方都使用 $_SESSION。如果倾向后者,可以将 $HTTP_SESSION_VARS 都替换成 $_SESSION。此外注意必须在使用 $_SESSION 之前先用 session_start() 启动会话。
在 $_SESSION 关联数组中的键名具有和 PHP 中普通变量名相同的规则,即不能以数字开头,必须以字母或下划线开头。更多细节见本手册中变量一章。
如果 register_globals 被禁用,则只有全局关联数组 $_SESSION 中的成员可以被注册为会话变量。被恢复的会话变量也只存在于 $_SESSION 数组中。
为提高安全性和代码的可读性,建议使用 $_SESSION(或在 PHP 4.0.6 或更低版本中用 $HTTP_SESSION_VARS)。使用了 $_SESSION,就没有必要使用 session_register(),session_unregister(),session_is_registered() 函数。访问会话变量就和其它变量一样。
session_start();
// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
?>
例 2. 用 $_SESSION 取消注册变量并且禁用了 register_globals
session_start();
// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less
unset($_SESSION['count']);
?>
注意 Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal.
不要用unset($_SESSION)注销整个$_SESSION,因为这将使通过$_SESSION超级全局的session变量失去注册能力。
_________________________________________________________________________________
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
例子 3. Unregistering a variable with register_globals enabled, after registering it using $_SESSION.
If register_globals is enabled, then each global variable can be registered as session variable. Upon a restart of a session, these variables will be restored to corresponding global variables. Since PHP must know which global variables are registered as session variables, users need to register variables with session_register() function. You can avoid this by simply setting entries in $_SESSION.
如果register_globals被打开,则每个全局变量会被注册为session变量。在一个重启的session上,这些变量将存储到相应的全局变量。因为PHP必须知道那个全局变量被注册为session变量,用户需要用session_register()函数注册变量。你可以避免这被简单的设置进$_SESSION。
注意 Before PHP 4.3, if you are using $_SESSION and you have disabled register_globals, don't use session_register(), session_is_registered() or session_unregister().
在PHP4.3前,如果你在使用$_SESSION,并且你已经关闭register_globals,就不要用session_register(),session_is_registered()或session_unregister()。
If you enable register_globals, session_unregister() should be used since session variables are registered as global variables when session data is deserialized. Disabling register_globals is recommended for both security and performance reasons.
如果你打开register_globals,session_unregister()应被使用,因为当session数据分离出来的时候,session变量被注册为全局变量。由于安全和性能的理由,推荐关闭register_globals。
例子 4. Registering a variable with register_globals enabled
If register_globals is enabled, then the global variables and the $_SESSION entries will automatically reference the same values which were registered in the prior session instance.
如果register_globals被打开,则全局变量和$_SESSION内部数据将自动引入成与先前session实例相同的变量。
There is a defect in PHP 4.2.3 and earlier. If you register a new session variable by using session_register(), the entry in the global scope and the $_SESSION entry will not reference the same value until the next session_start(). I.e. a modification to the newly registered global variable will not be reflected by the $_SESSION entry. This has been corrected in PHP 4.3.
如果register_globals被打开,则全局变量和$_SESSION条目,将自动参考在先前的session实例中注册的相同变量。在PHP4.2.3或更早版本中有个缺陷。如果你用session_register()注册一个新的session变量,在全局范围内的条目和这个$_SESSION条目将不参考这个相同的变量,直到下一个session_start。也就是说,最新注册为全局变量的一个改动,将不能被这个$_SESSION条目所反映。这个缺陷已经在PHP4.3中得以修正。
Passing the Session ID
传递session ID
There are two methods to propagate a session id:
有两种方法去传递session id:
Cookies
URL parameter
The session module supports both methods. Cookies are optimal, but because they are not always available, we also provide an alternative way. The second method embeds the session id directly into URLs.
Session 模板支持两种方法。Cookies是最佳的,但是由于他们不总是可用,我们也准备一个可选的方法。第二个方法将session id直接嵌入到URLs中。
PHP is capable of transforming links transparently. Unless you are using PHP 4.2 or later, you need to enable it manually when building PHP. Under Unix, pass --enable-trans-sid to configure. If this build option and the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically.
PHP可以明显的传换链接。除非你使用PHP4.2或更后版本,当你建立PHP时你需要手动打开。在UNIX下,通过 –-enable-trans-sid去配置。如果这个创建选项和运行时的选项session.use_trans_sid被打开,相关的URIs将自动改变为包含session id。
注: The arg_separator.output php.ini directive allows to customize the argument seperator. For full XHTML conformance, specify & there.
注:php.ini命令--arg_separator.output允许制定参数分隔符。为了和XHTML一致,这里指定 & 。
Alternatively, you can use the constant SID which is always defined. If the client did not send an appropriate session cookie, it has the form session_name=session_id. Otherwise, it expands to an empty string. Thus, you can embed it unconditionally into URLs.
作为选择,你可以使用总被定义的常量SID。如果客户端不能发送一个适当的session cookie,SID有这样的形式:session_name=session_id。否则,它扩展成一个空字符串。因此,你可以无条件的将它嵌入到URLs中。
The following example demonstrates how to register a variable, and how to link correctly to another page using SID.
下面的例子示范怎样注册一个变量,并且示范用SID怎样正确的链接到其它的页面中。
例子 5. Counting the number of hits of a single user
Hello visitor, you have seen this page times.
To continue, click here.
The strip_tags() is used when printing the SID in order to prevent XSS related attacks.
为了防止XSS有关的攻击,当打印SID时,用strip_tags()。
Printing the SID, like shown above, is not necessary if --enable-trans-sid was used to compile PHP.
像上面显示的那样打印SID,不是必须的,如果 在编译PHP时–enable-trans-sid被用到。
注: Non-relative URLs are assumed to point to external sites and hence don't append the SID, as it would be a security risk to leak the SID to a different server.
注:假定无关的URLs指向一个外部站点,因此不能追加这个SID,因为它是泄露SID到不同服务器的不安全因素。
Custom Session Handlers
定制session处理器
To implement database storage, or any other storage method, you will need to use session_set_save_handler() to create a set of user-level storage functions.
为了实现数据库存储或其它的存储方法,你将需要用session_set_save_handler去建头头是立一个设为用户级别的存储功能。
目录
session_cache_expire -- Return current cache expire
session_cache_limiter -- Get and/or set the current cache limiter
session_commit -- Alias of session_write_close()
session_decode -- Decodes session data from a string
session_destroy -- Destroys all data registered to a session
session_encode -- 将当前会话数据编码为一个字符串
session_get_cookie_params -- Get the session cookie parameters
session_id -- Get and/or set the current session id
session_is_registered -- Find out whether a global variable is registered in a session
session_module_name -- Get and/or set the current session module
session_name -- Get and/or set the current session name
session_regenerate_id -- Update the current session id with a newly generated one
session_register -- Register one or more global variables with the current session
session_save_path -- Get and/or set the current session save path
session_set_cookie_params -- Set the session cookie parameters
session_set_save_handler -- Sets user-level session storage functions
session_start -- Initialize session data
session_unregister -- Unregister a global variable from the current session
session_unset -- Free all session variables
session_write_close -- Write session data and end session
session_cache_expire
(PHP 4 >= 4.2.0, PHP 5)
session_cache_expire -- Return current cache expire
session_cache_expire – 返回当前缓存期限
Description
int session_cache_expire ( [int new_cache_expire])
session_cache_expire() returns the current setting of session.cache_expire. The value returned should be read in minutes, defaults to 180. If new_cache_expire is given, the current cache expire is replaced with new_cache_expire.
返回当前session.cache_expire设置。返回值会以分钟数读取,缺省为180分钟。如果给定new_cache_expire,则当的缓存期限用new_cache_expire替换。
The cache expire is reset to the default value of 180 stored in session.cache_expire at request startup time. Thus, you need to call session_cache_expire() for every request (and before session_start() is called).
在请求启动的时候,缓存期限被重置为存储在session.cache_expire中的缺省值180。因而,你需要为每个请求调用session_cache_expire()(在session_start()被调用前)。
例子 1. session_cache_expire() example
注: Setting new_cache_expire is of value only, if session.cache_limiter is set to a value different from nocache.
session_cache_expire
03-Jun-2004 04:11
Some of my customers asked me for a solution form their session not to expire when filling large forms. Sometimes it takes them more than 2 hours to submit (phone, desk customers...). 一些我的客户问我当他们填入大的表单的时候session不终止的解决办法。有时他们花超过2个小时去填写提交。 I know I could have forced an ilayer to be refreshed dynamically and then include PHP code using session_cache_expire() function, but this refreshing a page changes the form focus. So I found this the only solution for them not to loose focus over their form element. 我晓得我要参与者去动态更新,然后用包含session_cache_expire()函数的PHP代码,但是这个页面的刷新改变了表单的输入焦点。所以,我发现维一的一个在他们表单元素上不失去焦点的解决方法。 You can make a session not to expire by using this code. Its a mixture of PHP and JavaScript and can be used on the same page were your code goes or it can be called using an ilayer/iframe from your page. 你可以用这个代码使session不过期。 它是PHP和javascript的混合代码 I know this is not the best practice, but in some cases were user has no control over server globals and security is not important this can help. 我知道这不是最好的,但有些情况在全球服务器上是用户不能控制的, Here is the code. 0){ header('Content-Type: image/gif'); header("Content-Disposition: inline; filename=".time().".gif"); echo base64_decode(str_replace("\n",""," R0lGODlhAQABAPcAAAAAAAAAQAAAgAAA/ wAgAAAgQAAggAAg/wBAAABAQABAgABA/ wBgAABgQABggABg/wCAAACAQACAgACA/ wCgAACgQACggACg/wDAAADAQADAgADA/ wD/AAD/QAD/gAD//yAAACAAQCAAgCAA/ yAgACAgQCAggCAg/yBAACBAQCBAgCBA/ yBgACBgQCBggCBg/yCAACCAQCCAgCCA/ yCgACCgQCCggCCg/yDAACDAQCDAgCDA/ yD/ACD/QCD/gCD//0AAAEAAQEAAgEAA/ 0AgAEAgQEAggEAg/0BAAEBAQEBAgEBA/ 0BgAEBgQEBggEBg/0CAAECAQECAgECA/ 0CgAECgQECggECg/0DAAEDAQEDAgEDA/ 0D/AED/QED/gED//2AAAGAAQGAAgGAA/ 2AgAGAgQGAggGAg/2BAAGBAQGBAgGBA/ 2BgAGBgQGBggGBg/2CAAGCAQGCAgGCA/ 2CgAGCgQGCggGCg/2DAAGDAQGDAgGDA/ 2D/AGD/QGD/gGD//4AAAIAAQIAAgIAA/ 4AgAIAgQIAggIAg/4BAAIBAQIBAgIBA/ 4BgAIBgQIBggIBg/4CAAICAQICAgICA/ 4CgAICgQICggICg/4DAAIDAQIDAgIDA/ 4D/AID/QID/gID//6AAAKAAQKAAgKAA/ 6AgAKAgQKAggKAg/6BAAKBAQKBAgKBA/ 6BgAKBgQKBggKBg/6CAAKCAQKCAgKCA/ 6CgAKCgQKCggKCg/6DAAKDAQKDAgKDA/ 6D/AKD/QKD/gKD//8AAAMAAQMAAgMAA/ 8AgAMAgQMAggMAg/8BAAMBAQMBAgMBA/ 8BgAMBgQMBggMBg/8CAAMCAQMCAgMCA/ 8CgAMCgQMCggMCg/8DAAMDAQMDAgMDA/ 8D/AMD/QMD/gMD///8AAP8AQP8AgP8A/ /8gAP8gQP8ggP8g//9AAP9AQP9AgP9A/ /9gAP9gQP9ggP9g//+AAP+AQP+AgP+A/ /+gAP+gQP+ggP+g///AAP/AQP/AgP/A/ ///AP//QP//gP///yH5BAEAAP8ALAAAA AABAAEAAAgEAP8FBAA7")); exit; } ?>
session_cache_limiter
(PHP 4 >= 4.0.3, PHP 5)
session_cache_limiter -- Get and/or set the current cache limiter
session_cache_limiter -- 得到或设置当前缓存的限制者
Description
string session_cache_limiter ( [string cache_limiter])
session_cache_limiter() returns the name of the current cache limiter. If cache_limiter is specified, the name of the current cache limiter is changed to the new value.
Session_cache_limiter() 返回当前缓存限制者的名称。如果 cache_limiter 被指定,当前缓存限制者的名字被改变为新值。
The cache limiter defines which cache control HTTP headers are sent to the client. These headers determine the rules by which the page content may be cached by the client and intermediate proxies. Setting the cache limiter to nocache disallows any client/proxy caching. A value of public permits caching by proxies and the client, whereas private disallows caching by proxies and permits the client to cache the contents.
缓存限制者定义由那个缓存控制HTTP头部发送到客户端。这些头部决定哪些 由客户端和代理媒体缓存页面内容的规则。设置缓存限制者为nocache不允许任何客户端或代理缓存。设为public准许由代理和客户端缓存。然而private 不允许由代理缓存,但允许客户端去缓存内容。
In private mode, the Expire header sent to the client may cause confusion for some browsers, including Mozilla. You can avoid this problem by using private_no_expire mode. The expire header is never sent to the client in this mode.
在private方式下,对于有些浏览器,发送到客户端的期满头部可能会引起混乱,包括Mozilla。你可以用private_no_expire方式避免这个问题。在这种方式中,期满的头部不会发送到客户端。
注: private_no_expire was added in PHP 4.2.0.
注:private_no_expire 在PHP4.2.0中可用。
The cache limiter is reset to the default value stored in session.cache_limiter at request startup time. Thus, you need to call session_cache_limiter() for every request (and before session_start() is called).
在请求启动的时候,缓存限制者被重置为存储在session.cache_limiter中的缺省值。因此你需要为每个请求调用session_cache_limiter()(在session_start()调用之前)。
session_commit
session_commit -- Alias of session_write_close()
session_commit – 是session_write_close()的别名
session_write_close
(PHP 4 >= 4.0.4, PHP 5)
session_write_close -- Write session data and end session
session_write_close – 写session数据并结束session
Description 描述
void session_write_close ( void )
End the current session and store session data.
结束当前session并保存session数据
Session data is usually stored after your script terminated without the need to call session_write_close(), but as session data is locked to prevent concurrent writes only one script may operate on a session at any time. When using framesets together with sessions you will experience the frames loading one by one due to this locking. You can reduce the time needed to load all the frames by ending the session as soon as all changes to session variables are done.
Session数据通常在你的脚本终止后保存,没有必要去调用session_write_close(),除了为了防止任何时候都只有一个脚本可以操作的并发写入,而锁定了session数据。当和sessions一起使用框架的时候,由于这个锁定你会感觉到框架一个一个的被装载。你可以用所有session变量一完成更改就结束这个session的方法,减少所有框架加载的时间。
session_decode
(PHP 4 , PHP 5)
session_decode -- Decodes session data from a string
session_decode -- 从字串中解码session数据
Description
bool session_decode ( string data)
session_decode() decodes the session data in data, setting variables stored in the session.
Session_decode() 解码在data(存储在session中的设置变量)中的session数据
session_encode
(PHP 4 , PHP 5)
session_encode -- 将当前会话数据编码为一个字符串
描述
string session_encode ( void )
session_encode()返回一个字符串,该字符串包含有被编码的当前会话数据。
session_destroy
(PHP 4 , PHP 5)
session_destroy -- Destroys all data registered to a session
session_destroy – 摧毁所有注册在session中的数据
Description
bool session_destroy ( void )
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.
Session_destroy() 摧毁所有于当前session相关的数据。这不可以撤消任何于这个session相关的全局变量,或撤消这个session cookie。
This function returns TRUE on success and FALSE on failure to destroy the session data.
如果成功返回true,失败则返回false。
例子 1. Destroying a session
例子 2. Destroying a session with $_SESSION
session_get_cookie_params
(PHP 4 , PHP 5)
session_get_cookie_params -- Get the session cookie parameters
session_get_cookie_params – 得到session cookie 参数
Description
array session_get_cookie_params ( void )
The session_get_cookie_params() function returns an array with the current session cookie information, the array contains the following items:
Session_get_cookie_params()函数返回一个带有当前session cookie信息的数组,这个数组包括下面的项目:
"lifetime" - The lifetime of the cookie in seconds.
“lifetime” – 用秒数表示的cookie生存时间
"path" - The path where information is stored.
“path” – 存储信息的路径
"domain" - The domain of the cookie.
“domain” – cookie 的域名
"secure" - The cookie should only be sent over secure connections. (This item was added in PHP 4.0.4.)
“secure” – 这个cookie 应该只通过安全连接被发送
session_id
(PHP 4 , PHP 5)
session_id -- Get and/or set the current session id
session_id – 得到或设置当前session id
Description
string session_id ( [string id])
session_id() returns the session id for the current session.
If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose. Depending on the session handler, not all characters are allowed within the session id. For example, the file session handler only allows characters in the range a-z, A-Z and 0-9!
如果id被指定,它将替换当前session id 。为了替换,session_id()要在session_start()之前调用。依赖不同的session处理器,不是所有字符允许包含在session id中。比如,文件型session只允许a-z,A-Z 和0-9这些字符。
注: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set.
注:当使用session cookies时,无论当前session id是否是与设置的一样,session_start()被调用时,指定一个id,session_id()总会发送一个新的cookie。
The constant SID can also be used to retrieve the current name and session id as a string suitable for adding to URLs. Note that SID is only defined if the client didn't send the right cookie. See also Session handling.
常量SID也可以作为一个附加在URLs上相配的字符串,用于获得当前名字和session id。注意:如果客户端没有发送正确的cookie,SID只不是被定义了。
session_is_registered
(PHP 4 , PHP 5)
session_is_registered -- Find out whether a global variable is registered in a session
session_is_registered – 查明一个全局变量是否在session中注册。
Description
bool session_is_registered ( string name)
session_is_registered() returns TRUE if there is a global variable with the name name registered in the current session.
Session_is_registered() 如果有一个在当前session中注册为name名字的全局变量,返回true。
注: If $_SESSION (or $HTTP_SESSION_VARS for PHP 4.0.6 or less) is used, use isset() to check a variable is registered in $_SESSION.
注:如果使用$_SESSION(或$HTTP_SESSION_VARS),用isset()去检查一个变量注册在$_SESSION中。
注意 If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered() and session_unregister().
如果你用$_SESSION,就不要使用session_register(),session_is_registered() 和 session_unregister() session_module_name
(PHP 4 , PHP 5)
session_module_name -- Get and/or set the current session module
session_module_name – 得到或设置当前session 模块
Description
string session_module_name ( [string module])
session_module_name() returns the name of the current session module. If module is specified, that module will be used instead.
Session_module_name() 返回当前session模块的名字。如果module被指定则模块会被替换。
session_name
(PHP 4 , PHP 5)
session_name -- Get and/or set the current session name
session_name – 得到或设置当前session名字
Description
string session_name ( [string name])
session_name() returns the name of the current session. If name is specified, the name of the current session is changed to its value.
Session_name() 返回当前session的名字。如果name被指定,则当前session将被改变为这个值。
The session name references the session id in cookies and URLs. It should contain only alphanumeric characters; it should be short and descriptive (i.e. for users with enabled cookie warnings). The session name is reset to the default value stored in session.name at request startup time. Thus, you need to call session_name() for every request (and before session_start() or session_register() are called).
例子 1. session_name() examples
See also the session.name configuration directive.
session_regenerate_id
(PHP 4 >= 4.3.2, PHP 5)
session_regenerate_id -- Update the current session id with a newly generated one
session_regenerate_id –- 重新产生的的一个sessioin更新当前session id。
Description
bool session_regenerate_id ( void )
session_regenerate_id() will replace the current session id with a new one, and keep the current session information.
Session_regenerate_id() 用新的session id 替换当前id,并保留当前session信息。
如果成功则返回 TRUE,失败则返回 FALSE。
例子 1. A session_regenerate_id() example
注: As of PHP 4.3.3, if session cookies are enabled, use of session_regenerate_id() will also submit a new session cookie with the new session id.
注:到PHP4.3.3为止,如果session cookies被打开,使用session_regenerate_id() 也会用新session id 提交一个新的sessioni cookie。
session_register
(PHP 4 , PHP 5)
session_register -- Register one or more global variables with the current session
session_register –- 注册一个或更多当前session的全局变量。
Description
bool session_register ( mixed name [, mixed ...])
session_register() accepts a variable number of arguments, any of which can be either a string holding the name of a variable or an array consisting of variable names or other arrays. For each name, session_register() registers the global variable with that name in the current session.
Session_register() 接受一个可变数量的参数,这个参数可以是持有变量名称的字符串 或 由变量名称或其它数组组成的数组。对每一个名字,session_register() 在当前session中用这个名字注册为全局变量。
注意 If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.
如果你想让你的脚本不管register_globals是否打开都能正常工作,你需要用$_SESSION数组代替工作,因为$SESSION内容会自动注册。如果你的脚本用session_register(),将不能在register_globals被关闭的PHP环境中正常工作。 register_globals:重要提示: 自 PHP 4.2.0 开始,PHP 中的选项 register_globals 的默认值被设为 off。PHP 社区鼓励大家不要依赖于这个选项,用其它的替代,例如 superglobals。
注意 This registers a global variable. If you want to register a session variable from within a function, you nee