注销按钮上的 PHP 会话销毁
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9001702/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP Session Destroy on Log Out Button
提问by fitzilla
I'm currently working on a site that has a log-in (username and password) - The password protection is done by the operating system within the web server at folder level called a Realm within the OS. For now this will have to do, until we figure out a proper PHP log in system.
我目前正在一个具有登录名(用户名和密码)的站点上工作 - 密码保护由 Web 服务器中的操作系统在操作系统中称为领域的文件夹级别完成。现在这将不得不做,直到我们找出一个合适的 PHP 登录系统。
The code below, is based on a previous question on the stack overflow.
下面的代码基于上一个关于堆栈溢出的问题。
I'm using 3 files (See code snippets at the bottom).
我正在使用 3 个文件(请参阅底部的代码片段)。
The process is: - Click Log In button on index.php - Enter username and password to access authenticate index file. - Click log out button, which references the logout.php file - it SHOULD clear the cache and return the user to the top level index.
过程是: - 单击 index.php 上的登录按钮 - 输入用户名和密码以访问验证索引文件。- 单击引用 logout.php 文件的注销按钮 - 它应该清除缓存并将用户返回到顶级索引。
It doesn't 'destroy the session' in the sense that you're not asked to re-enter the password when prompted to, which is essentially what I want to happen.
它不会“破坏会话”,因为在提示时您不会被要求重新输入密码,这基本上是我想要发生的。
My minimal knowledge of php leaves me a little bit stumped here.
我对 php 的了解很少,这让我有点困惑。
index.php(top level file with log in button)
index.php(带有登录按钮的顶级文件)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Test</title>
</head>
<body>
<a href="authenticate/index.php">Log In Btn</a>
</body>
</html>
authenticate/index.php(This folder is password protected - contains the index file with the log out button which links to the logout.php file)
authentication/index.php(此文件夹受密码保护 - 包含带有注销按钮的索引文件,该按钮链接到 logout.php 文件)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log out</title>
</head>
<body>
<a href="logout.php">Log Out Btn</a>
</body>
</html>
authenticate/logout.php
验证/注销.php
<?php
session_start(); //to ensure you are using same session
session_destroy(); //destroy the session
header("location:/index.php"); //to redirect back to "index.php" after logging out
exit();
?>
回答by
The folder being password protected has nothingto do with PHP!
受密码保护的文件夹与 PHP无关!
The method being used is called "Basic Authentication". There are no cross-browser ways to "logout" from it, except to ask the user to close and then open their browser...
所使用的方法称为“基本身份验证”。除了要求用户关闭然后打开他们的浏览器之外,没有跨浏览器的方法可以从它“注销”...
Here's how you you could do it in PHP instead (fully remove your Apache basic auth in .htaccessor wherever it is first):
以下是您可以在 PHP 中执行此操作的方法(.htaccess首先在其中或任何位置完全删除您的 Apache 基本身份验证):
login.php:
登录.php:
<?php
session_start();
//change 'valid_username' and 'valid_password' to your desired "correct" username and password
if (! empty($_POST) && $_POST['user'] === 'valid_username' && $_POST['pass'] === 'valid_password')
{
$_SESSION['logged_in'] = true;
header('Location: /index.php');
}
else
{
?>
<form method="POST">
Username: <input name="user" type="text"><br>
Password: <input name="pass" type="text"><br><br>
<input type="submit" value="submit">
</form>
<?php
}
index.php
索引.php
<?php
session_start();
if (! empty($_SESSION['logged_in']))
{
?>
<p>here is my super-secret content</p>
<a href='logout.php'>Click here to log out</a>
<?php
}
else
{
echo 'You are not logged in. <a href="login.php">Click here</a> to log in.';
}
logout.php:
登出.php:
<?php
session_start();
session_destroy();
echo 'You have been logged out. <a href="/">Go back</a>';
Obviously this is a verybasic implementation. You'd expect the usernames and passwords to be in a database, not as a hardcoded comparison. I'm just trying to give you an idea of how to do the session thing.
显然,这是一个非常基本的实现。您希望用户名和密码在数据库中,而不是作为硬编码比较。我只是想让你知道如何做会话。
Hope this helps you understand what's going on.
希望这可以帮助您了解正在发生的事情。
回答by Jana
First give the link of logout.phppage in that logout button.In that page make the code which is given below:
首先给出该logout.php注销按钮中的页面链接。在该页面中编写以下代码:
Here is the code:
这是代码:
<?php
session_start();
session_destroy();
?>
When the session has started, the session for the last/current user has been started, so don't need to declare the username. It will be deleted automatically by the session_destroy method.
当会话开始时,最后/当前用户的会话已经开始,因此不需要声明用户名。它将被 session_destroy 方法自动删除。
回答by Iulia
// logout
// 登出
if(isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header('location:login.php');
}
?>
?>
