从 PHP 中的会话注销的正确方法
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3512507/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
proper way to logout from a session in PHP
提问by Shiv Deepak
I have read many php tutorials for logout scripts, i am wondering what could be the proper way to logout from a session!
我已经阅读了许多有关注销脚本的 php 教程,我想知道从会话注销的正确方法是什么!
Script 1
脚本 1
<?php
session_start();
session_destroy();
header("location:index.php");
?>
Script 2
脚本 2
<?php
session_start();
session_unset();
session_destroy();
header("location:index.php");
?>
Script 3
脚本 3
<?php
session_start();
if (isset($_SESSION['username']))
{
unset($_SESSION['username']);
}
header("location:index.php");
?>
Is there any more effective way to do this?? A session can always be created by logging back in, so should i bother about use of session_destroy() and use unset($_SESSION['variable']) instead? which one of the above 3 script is more preferable?
有没有更有效的方法来做到这一点?会话总是可以通过重新登录来创建,所以我应该担心使用 session_destroy() 而不是使用 unset($_SESSION['variable']) 吗?以上 3 个脚本中的哪一个更可取?
回答by Frxstrem
From the session_destroy()page in the PHP manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
回答by ircmaxell
Personally, I do the following:
就个人而言,我执行以下操作:
session_start();
setcookie(session_name(), '', 100);
session_unset();
session_destroy();
$_SESSION = array();
That way, it kills the cookie, destroys all data stored internally, and destroys the current instance of the session information (which is ignored by session_destroy).
这样,它会杀死 cookie,破坏内部存储的所有数据,并破坏会话信息的当前实例(被 忽略session_destroy)。
回答by Haim Evgi
Session_unset();only destroys the session variables. To end the session there is another function called session_destroy();which also destroys the session .
Session_unset();只会破坏会话变量。要结束会话session_destroy();,还调用了另一个函数,该函数也会破坏会话。
update :
更新 :
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie()may be used for that
为了完全终止会话,比如注销用户,会话 ID 也必须取消设置。如果使用 cookie 来传播会话 ID(默认行为),则必须删除会话 cookie。setcookie()可以用于
回答by Optimaz ID
<?php
// Initialize the session.
session_start();
// Unset all of the session variables.
unset($_SESSION['username']);
// Finally, destroy the session.
session_destroy();
// Include URL for Login page to login again.
header("Location: login.php");
exit;
?>
