php 完全销毁会话的最佳方法 - 即使浏览器未关闭
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3948230/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Best way to completely destroy a session - even if the browser is not closed
提问by Mawg says reinstate Monica
Is it enough to
是否足以
session_start(); // Must start a session before destroying it
if (isset($_SESSION))
{
unset($_SESSION);
session_unset();
session_destroy();
}
when the user selects Log outfrom a menu, but does not quit his browser? I want to totally remove all existence of the session and $_SESSION
当用户Log out从菜单中选择但没有退出浏览器时?我想完全删除会话的所有存在和$_SESSION
回答by Pekka
According to the manual, there's more to do:
根据手册,还有更多工作要做:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
为了完全终止会话,比如注销用户,会话 ID 也必须取消设置。如果使用 cookie 来传播会话 ID(默认行为),则必须删除会话 cookie。setcookie() 可用于此目的。
The manual link has a full working example on how to do that. Stolen from there:
手动链接有一个关于如何做到这一点的完整工作示例。从那里被盗:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
