PHP has several configuration directives to control session handling process like session upload and URL rewriting. These are set with PHP configuration file php.ini. To know the values that are set we can use phpinfo() function. For example I get the following.
In this PHP tutorial, we are going to see about few important session configuration directives and their possible values.
session.save_handler = files | mm | sqlite | user
session.save_path = "N;/path"
where N is an Integer representing the depth of the sub directory.
session.save_path = "N;MODE;/path"
where MODE is an Octal value. The default mode is 600 (allows owner to read and write).
This directive has 1 or 0 as its value to specify whether cookies are used to store session id or not.
session.use_cookies = 0 | 1
If 1 then cookies will be used to store session id. If not, the session id is preserved by using URL rewriting.
It controls whether cookies are sent via secure connections or not. It will be set with ON | OFF values. The default is OFF.
By setting this directive cookies are used as the mandatory storage to preserve session id. It prevents session hijacking.
To specify the name of the session. PHPSESSID is the default name.
session.name = PHPSESSID
We need to start session before using PHP session function. This directive is used to start session automatically on each page request. So, we need to set session.auto_start as 1.
session.auto_start = 0 | 1
If session.auto_start is 1, managing objects into session needs further configuration. That is, auto_prepend_file directive is used to refer corresponding class.
This is used to set cookie life time. If it is set as 0, then cookie remains until browser restart.
To specify the path where the cookies will be valid.
Similarly, to specify the domain in which the cookies will be valid.
This directive is on then it will stop client side scripts to access session id preserved in cookies.
The values of these directives are used to calculate the probability to run garbage collection to clean up session data.
It has the max lifetime of the session id in seconds. If the session id reaches this limit, PHP will treat it as garbage and clear it.
This directive controls cache headers sent to the client and proxies. The possible values are,
session.cache_expire = 120
This directive is used to preserve session id by URL rewriting. As URL are shared among multiple users, maintaining session id in URL is risky. It cause multiple access with same session_id at a time.
This directive is used to choose hash function to generate session id. 0 and 1 represents MD5 and SHA algorithms respectively.
This PHP tutorial was added on April 24, 2014.