ECShop's session mechanism is not PHP's built-in one; it is a custom mechanism defined by ECShop. I spent some time over the past two days studying it, and these are my study notes.

1. Session initialization happens in init.php under includes. The code is as follows:

```php
if (!defined('INIT_NO_USERS'))
{
    /* Initialize the session */
    include(ROOT_PATH . 'includes/cls_session.php');

    $sess = new cls_session($db, $ecs->table('sessions'), $ecs->table('sessions_data'));

    define('SESS_ID', $sess->get_session_id());
}
```
2. What does the cls_session constructor do?

(1) Basic setup: clear the session and assign the member variables, including $this->session_cookie_path, $this->session_cookie_domain and $this->session_cookie_secure.

```php
$GLOBALS['_SESSION'] = array(); // clear the session

if (!empty($GLOBALS['cookie_path']))
{
    $this->session_cookie_path = $GLOBALS['cookie_path'];
}
else
{
    $this->session_cookie_path = '/';
}

if (!empty($GLOBALS['cookie_domain']))
{
    $this->session_cookie_domain = $GLOBALS['cookie_domain'];
}
else
{
    $this->session_cookie_domain = '';
}

if (!empty($GLOBALS['cookie_secure']))
{
    $this->session_cookie_secure = $GLOBALS['cookie_secure'];
}
else
{
    $this->session_cookie_secure = false;
}

$this->session_name       = $session_name; // session name, 'ECS_ID' by default
$this->session_table      = $session_table;
$this->session_data_table = $session_data_table;

$this->db  = &$db;
$this->_ip = real_ip(); // the client's real IP
```
(2) Get the session_id: if it exists in the cookie, take it from the cookie; if not, set it to empty.

```php
if ($session_id == '' && !empty($_COOKIE[$this->session_name]))
{
    $this->session_id = $_COOKIE[$this->session_name];
}
else
{
    $this->session_id = $session_id;
}
```
(3) If a session_id exists in the cookie, verify the authenticity of that session_id.

```php
if ($this->session_id)
{
    // The cookie value is the 32-character session_id followed by its key
    $tmp_session_id = substr($this->session_id, 0, 32);
    if ($this->gen_session_key($tmp_session_id) == substr($this->session_id, 32))
    {
        $this->session_id = $tmp_session_id;
    }
    else
    {
        $this->session_id = '';
    }
}
```
(4) If the session_id exists, load the session data under that session_id; if it does not, generate a session_id and insert it into the database.

```php
$this->_time = time();

if ($this->session_id)
{
    // A session_id exists: load all session data under that session_id
    $this->load_session();
}
else
{
    $this->gen_session_id();

    setcookie($this->session_name, $this->session_id . $this->gen_session_key($this->session_id), 0, $this->session_cookie_path, $this->session_cookie_domain, $this->session_cookie_secure);
}
```
3. Other important methods of the cls_session class

(1) gen_session_id(): generates a session_id and inserts it into the database.

```php
function gen_session_id()
{
    $this->session_id = md5(uniqid(mt_rand(), true));

    return $this->insert_session();
}
```
(2) gen_session_key($session_id): verifies the authenticity of the client's session_id.

```php
function gen_session_key($session_id)
{
    static $ip = '';

    if ($ip == '')
    {
        // Keep the address up to its last '.', i.e. drop the final octet
        $ip = substr($this->_ip, 0, strrpos($this->_ip, '.'));
    }

    return sprintf('%08x', crc32(ROOT_PATH . $ip . $session_id));
}
```
(3) insert_session(): inserts a session record.

```php
function insert_session()
{
    return $this->db->query('INSERT INTO ' . $this->session_table . " (sesskey, expiry, ip, data) VALUES ('" . $this->session_id . "', '". $this->_time ."', '". $this->_ip ."', 'a:0:{}')");
}
```
(4) load_session(): loads the session by session_id.

(5) update_session(): updates the session.
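
The cookie check in the constructor and gen_session_key() relies on CRC32, which is an unkeyed checksum rather than a MAC, and compares the result with `==`. The following added example (not ECShop code; the function names, constants and the `$secret` server-side key are hypothetical) keeps the same "id followed by key" cookie layout and IP-prefix binding, but uses a CSPRNG id, a keyed HMAC-SHA256 tag and a constant-time comparison:

```php
<?php
// Added example, not ECShop code. Function names and $secret are hypothetical.

const ID_LEN  = 32; // hex chars, same length as the md5() id in gen_session_id()
const TAG_LEN = 64; // hex chars of HMAC-SHA256

// Same binding as gen_session_key(): the address up to its last '.'.
function ip_prefix(string $ip): string
{
    $pos = strrpos($ip, '.');
    return $pos === false ? $ip : substr($ip, 0, $pos); // no '.' (e.g. IPv6): use it whole
}

// Keyed tag over the IP prefix and session id; $secret is a server-side key.
function session_tag(string $secret, string $ip, string $id): string
{
    return hash_hmac('sha256', ip_prefix($ip) . '|' . $id, $secret);
}

// Cookie value: id followed by tag, the layout the constructor splits with substr().
function issue_cookie(string $secret, string $ip): string
{
    $id = bin2hex(random_bytes(ID_LEN / 2)); // CSPRNG instead of md5(uniqid(mt_rand(), true))
    return $id . session_tag($secret, $ip, $id);
}

// Returns the session id when the tag verifies, '' otherwise (as the constructor does).
function verify_cookie(string $secret, string $ip, string $cookie): string
{
    if (strlen($cookie) !== ID_LEN + TAG_LEN) {
        return '';
    }
    $id = substr($cookie, 0, ID_LEN);
    if (!ctype_xdigit($id)) {
        return ''; // reject anything that is not plain hex before it is used as a lookup key
    }
    $tag = substr($cookie, ID_LEN);
    return hash_equals(session_tag($secret, $ip, $id), $tag) ? $id : '';
}

// Constructed sample values (documentation IP ranges).
$secret   = random_bytes(32);
$cookie   = issue_cookie($secret, '203.0.113.7');
$tampered = substr($cookie, 0, -1) . ($cookie[-1] === '0' ? '1' : '0');

var_dump(verify_cookie($secret, '203.0.113.42', $cookie) !== '');  // same prefix
var_dump(verify_cookie($secret, '198.51.100.7', $cookie) !== '');  // other prefix
var_dump(verify_cookie($secret, '203.0.113.7', $tampered) !== ''); // altered tag
```

In a real deployment the key would be loaded from configuration rather than generated per request, so that cookies stay valid across requests.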