php 如何删除PHP会话?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/758790/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to delete a PHP session?
提问by user39653
It's possible I'm not properly deleting PHP sessions when the user signs out. I've noticed that if I sign out and sign back in without closing the browser, the session ID doesn't change but if I sign out, close the browser window, open a new one and sign in, the session ID will be different. Do I need to be doing something different or is this normal behavior? I've been using the same process for three years but something happened recently that made me think that maybeI need to do something different.
当用户退出时,我可能没有正确删除 PHP 会话。我注意到如果我在不关闭浏览器的情况下退出并重新登录,会话 ID 不会改变,但是如果我退出,关闭浏览器窗口,打开一个新窗口并登录,会话 ID 会有所不同. 我需要做一些不同的事情还是这是正常的行为?我已经使用相同的过程三年了,但最近发生的事情让我觉得也许我需要做一些不同的事情。
Here's what I basically do when someone clicks Sign Out.
当有人单击“注销”时,这就是我的基本操作。
<?php
session_start();
if( isSet($_SESSION['FacID']) )
$facID = $_SESSION['FacID']; //Want to re-instate this after we destroy the session.
unset($_SESSION);
session_destroy();
if( isSet($_SESSION['FacID']) )
$_SESSION['FacID'] = $facID;
?>
回答by zalew
If you feel the need to force a new id http://pl.php.net/manual/en/function.session-regenerate-id.php
如果你觉得需要强制一个新的 id http://pl.php.net/manual/en/function.session-regenerate-id.php
And to your question, from the manual:
对于您的问题,来自手册:
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
session_destroy() 销毁与当前会话相关的所有数据。它不会取消设置与会话关联的任何全局变量,也不会取消设置会话 cookie。要再次使用会话变量,必须调用 session_start()。
为了完全终止会话,比如注销用户,会话 ID 也必须取消设置。如果使用 cookie 来传播会话 ID(默认行为),则必须删除会话 cookie。setcookie() 可用于此目的。
回答by Nick Whaley
Your session is getting destroyed.
您的会话正在被破坏。
PHP will only generate a session id if the browser isn't specifying one. As long as the session has been destoryed, there is no problems with this.
如果浏览器未指定会话 ID,PHP 只会生成会话 ID。只要会话被销毁,就没有问题。
回答by strager
What's with the massive save-and-destroy? Just session_startand set your variables. No need to destroy, then reset them!
大规模的保存和销毁是怎么回事?只需session_start设置您的变量。无需破坏,然后重置它们!
Your "problem" with the browser is that when you close your browser window, your browser is deleting the cookie which PHP sends it so it knows the session ID. This is a browser option and cannot be changed on the server side (unless you exploit). It can be circumvented using some methods, but that's probably not your best option.
您对浏览器的“问题”是,当您关闭浏览器窗口时,您的浏览器会删除 PHP 发送给它的 cookie,因此它知道会话 ID。这是一个浏览器选项,不能在服务器端更改(除非您利用)。可以使用某些方法来规避它,但这可能不是您的最佳选择。
