PHP - 默认会话处理与自定义会话处理
I have never tried a custom session handler so far in PHP, and with me thinking of picking up a framework (either CodeIgniter or Kohana), I see that there is an option to use a pre-built custom session handler. What are the pros and cons of going to a system in which session data is stored in the DB? In what ways does a custom session handler improves security and maintainability?
One pro which I can think of if you are on a shared webhost, and the webhost's temp folder is full, an attempt to open a session may fail. However, if the webhost's MySQL goes away, it's as equally futile.
Would appreciate any advice or guidelines. Thanks!
到目前为止,我从未在PHP中尝试过自定义会话处理程序,而且我想要选择一个框架(或者 CodeIgniter或Kohana),我看到有一个选项可以使用预先构建的自定义会话处理程序。 进入会话数据存储在DB中的系统的优缺点是什么? 自定义会话处理程序以何种方式提高安全性和可维护性? p>
如果您在共享的虚拟主机上,并且虚拟主机的临时文件夹已满,则可以考虑一位专业人员,尝试打开会话可能会失败。 但是,如果webhost的MySQL消失了,那同样徒劳无功。 p>
非常感谢任何建议或指导。 谢谢! p> div>
If you dig a little deeper into PHP’s default session handling, you will probably discover some things that are inaccurate in some way. Just like the session lifetime that actually is quite important but can be inaccurate in some cases (see How long will my session last? and How do I expire a PHP session after 30 minutes?).
So it might be necessary to implement your own session handler that does fixes this inaccuracy.
Other reasons can be security and performance. PHP’s default session handler uses files that could be accessed by others, be it intentionally or unintentionally. Using a protected database can make your data more secure and its caching abilities could speed things up. You could also use chaches like memcached to increase the access times even more.