问题
I want to know why do we call session_start() before any other content in the web page?
回答1:
Let me try to describe, how HTTP protocol works.
Request from browser looks like this:
GET /somefolder/somescript.php HTTP/1.1
Host: www.yourhost.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Your_Useragent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp;q=0.8
Referer: http://testreferer.com/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4,bg;q=0.2
Another-Header: Value1
Another-Header1: Value2
And request from server looks almost like this:
HTTP/1.1 200 OK
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=15552000; includeSubdomains; preload
Content-Security-Policy: upgrade-insecure-requests
Some-Other-Header: Value1
And-Another-Header: Value2\n\n
<YOUR WEBPAGE CONTENTS>
So first server is sending headers and \n\n
in the end, and just then starting to send your webpage contents.
But session_start()
is sending "it's own" headers, but you can't send any headers when they're already finished sending!
Example:
<?php
Header("SomeCoolHeader: Value1"); //Sending custom headers
session_start(); //Sending session header
Header("AnotherHeader: Value2"); //Sending custom headers
echo "Some text"; //Header sending automatically finished and sent some html text
?>
Example 2 (with error):
<?php
Header("CustomHeader1: Value1"); //sending custom headers
echo "Some text"; //Header sending automatically finished and sent some html text
Header("CustomHeader2: Value2"); //Cannot add header information - headers already sent
?>
Example 3 (with error):
<?php
Header("CustomHeader1: Value1"); //sending custom headers
echo "Some text"; //Header sending automatically finished and sent some html text
session_start(); //Cannot add header information - headers already sent
?>
If you're still have any questions - you can ask me in comments.
回答2:
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers. These will either be a built-in save handler provided by default or by PHP extensions (such as SQLite or Memcached); or can be custom handler as defined by session_set_save_handler(). The read callback will retrieve any existing session data (stored in a special serialized format) and will be unserialized and used to automatically populate the $_SESSION superglobal when the read callback returns the saved session data back to PHP session handling.
To use a named session, call session_name() before calling session_start().
When session.use_trans_sid is enabled, the session_start() function will register an internal output handler for URL rewriting.
If a user uses ob_gzhandler or similar with ob_start(), the function order is important for proper output. For example, ob_gzhandler must be registered before starting the session.
回答3:
As we know cookies are store in our browser and session are store in the server. There is no size limitation in session. To sole this question we has to look at how PHP work internally. Look in the php.ini file you can see some thing like below under session,
[Session]
session.save_handler = files
session.save_path = "/tmp"
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
As in default configuration php store session as a file in the server, default path is "/tem". In tmp you can see files named like "sess_4b1e384ad74619bd212e236e52a5a174If", this is only a single session file. In normal scenario there are many users access the same web at same time. Then there are many such files in the tmp folder. While php creating a file in the tmp folder php set a cookie in the clients browser as PHPSESSID as the name and a value. This cookie is show in the below image. enter image description here
With each request, browser send this cookie to the server. enter image description here
来源:https://stackoverflow.com/questions/38035229/why-do-we-call-session-start-before-any-other-content-in-the-web-page