[Session] ; Handler used to store/retrieve data . //用于存储和检索与会话关联数据的处理器名字 session.save_handler = files ; Argument passed to save_handler. In the case of files, this is the path ; where data files are stored. Note: Windows users have to change this ; variable in order to use PHP's session functions. ; ; As of PHP 4.0.1, you can define the path as: ; ; session.save_path = "N;/path" ; ; where N is an integer. Instead of storing all the session files in ; /path, what this will do is use subdirectories N-levels deep, and ; store the session data in those directories. This is useful if you ; or your OS have problems with lots of files in one directory, and is ; a more efficient layout for servers that handle lots of sessions. ; ; NOTE 1: PHP will not create this directory structure automatically. ; You can use the script in the ext/session dir for that purpose. ; NOTE 2: See the section on garbage collection below if you choose to ; use subdirectories for session storage //如果使用前述的目录方式存储session,则php自动垃圾回收机制将会失效; ; ; The file storage module creates files using mode 600 by default. ; You can change that by using ; ; session.save_path = "N;MODE;/path" ; ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. ;session.save_path = "/tmp" ; Whether to use cookies.//是否在客户端使用cookie保存会话ID session.use_cookies = 1 ;session.cookie_secure = //是否仅通过https安全连接发送cookie ; This option enables administrators to make their users invulnerable to ; attacks which involve passing session ids in URLs; defaults to 0. ; session.use_only_cookies = 1//确定是否仅仅使用cookie在客户端保存回话ID,如果打开可以避免使用URL传递会话带来的安全隐患;但是禁用cookie的客户端将无法使用会话; ; Name of the session (used as cookie name). session.name = PHPSESSID //默认的cookie会话中存储的会话ID,只可以包含字母和数字 ; Initialize session on request startup. session.auto_start = 0//是否默认开启session会话控制,如果开启则会话中就不可以保存对象 ; Lifetime in seconds of cookie or, if 0, until browser is restarted. session.cookie_lifetime = 0//设定传递会话ID的cookie有效期,如果为0,则在浏览器重启后失效; ; The path for which the cookie is valid. session.cookie_path = / ; The domain for which the cookie is valid. session.cookie_domain = //表示传递回话ID的作用路径 ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. session.cookie_httponly = //是否设定在cookie中添加httponly标志,如果开启则只会导致客户端脚本得不到该cookie; ; Handler used to serialize data. php is the standard serializer of PHP. session.serialize_handler = php //设定用来序列化、解序列化的处理器,也可以使用php_binary;当启用了WDDX支持后,这只可以使用 wddx处理器 ; Define the probability that the 'garbage collection' process is started ; on every session initialization. ; The probability is calculated by using gc_probability/gc_divisor, ; e.g. 1/100 means there is a 1% chance that the GC process starts ; on each request. session.gc_probability = 1 session.gc_divisor = 100 //设定每次初始化会话时,启动垃圾回收程序的概率;如果会话页面访问越频繁,则概率就应该越小;一般设定在1/1000-5000 ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. session.gc_maxlifetime = 1440 ; NOTE: If you are using the subdirectory option for storing session files ; (see session.save_path above), then garbage collection does *not* ; happen automatically. You will need to do your own garbage ; collection through a shell script, cron entry, or some other method. ; For example, the following script would is the equivalent of ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ; cd /path/to/sessions; find -cmin +24 | xargs rm ; PHP 4.2 and less have an undocumented feature/bug that allows you to ; to initialize a session variable in the global scope, albeit register_globals ; is disabled. PHP 4.3 and later will warn you, if this feature is used. ; You can disable the feature and the warning separately. At this time, ; the warning is only displayed, if bug_compat_42 is enabled. session.bug_compat_42 = 1 session.bug_compat_warn = 1 ; Check HTTP Referer to invalidate externally stored URLs containing ids. ; HTTP_REFERER has to contain this substring for the session to be ; considered as valid. session.referer_check = ; How many bytes to read from the file. session.entropy_length = 0 //从高熵值资源中读取的字节数;一般设定为16 ; Specified here to create the session id. session.entropy_file = ;session.entropy_length = 16 ;session.entropy_file = /dev/urandom//设定附加的用于创建会话ID的外部高熵值资源(文件) ; Set to {nocache,private,public,} to determine HTTP caching aspects ; or leave this empty to avoid sending anti-caching headers. session.cache_limiter = nocache //设定会话页面的缓存控制模式 ; Document expires after n minutes. session.cache_expire = 180//设定会话页面在客户端cache中的有效期限,仅在非nocache模式下有效; ; trans sid support is disabled by default. ; Use of trans sid may risk your users security. ; Use this option with caution. ; - User may send URL contains active session ID ; to other person via. email/irc/etc. ; - URL that contains active session ID may be stored ; in publically accessible computer. ; - User may access your site with the same session ID ; always using URL stored in browser's history or bookmarks. session.use_trans_sid = 0 //是否开启url模式传输会话ID,用于客户端屏蔽cookie情况下进行会话控制;但一般不使用,危险系数高; ; Select a hash function ; 0: MD5 (128 bits) ; 1: SHA-1 (160 bits) session.hash_function = 0 //设定用户生成SID(会话ID)的散列算法;推荐使用SHA-1; ; Define how many bits are stored in each character when converting ; the binary hash data to something readable. ; ; 4 bits: 0-9, a-f ; 5 bits: 0-9, a-v ; 6 bits: 0-9, a-z, A-Z, "-", "," session.hash_bits_per_character = 4//指定在SID字符串中的每个字符内保存多少bit;推荐5 ; The URL rewriter will look for URLs in a defined set of HTML tags. ; form/fieldset are special; if you include them here, the rewriter will ; add a hidden <input> field with the info which is otherwise appended ; to URLs. If you want XHTML conformity, remove the form entry. ; Note that all valid entries require a "=", even if no value follows. url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="
