当前位置:theitroad>PHP $_SESSION 变量不会取消设置

PHP $_SESSION 变量不会取消设置

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/12291835/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-25 03:16:12  来源:igfitidea点击:

PHP $_SESSION variable will not unset

phpsessionvariablesunset

提问by B Rad C

sorry for a repetitive question, I've seen a few of these on this forum but none of the responses worked for me...

抱歉重复的问题,我在这个论坛上看到了一些这样的问题,但没有一个对我有用......

I am building a basic login using php sessions, which I'm new at...

我正在使用 php 会话构建基本登录,这是我的新手...

login.php validates html login form and begins a session, setting variables: $_SESSION['login']and $_SESSION['id],

login.php 验证 html 登录表单并开始会话,设置变量:$_SESSION['login']$_SESSION['id]

then each page that requires a valid login uses require 'session.php';which checks the $_SESSION['valid']variable and redirects a user w/o proper login variable. The problem is when I logout neither session variable I've set will unset.

然后每个需要有效登录的页面都使用require 'session.php';它检查$_SESSION['valid']变量并重定向没有正确登录变量的用户。问题是当我注销时,我设置的会话变量都不会取消设置。

Right now my logout.php file uses about every method to destroy the variables that I've been able to find online and none will actually do it.

现在,我的 logout.php 文件使用了几乎所有方法来销毁我能够在网上找到的变量,但实际上没有人会这样做。

So whenever I log out, I can still access the 'private' pages.

所以每当我退出时,我仍然可以访问“私人”页面。

Also note: I have tried it w/o a session name ex: session_start();that didn't work so now I'm using session_start("user");

另请注意:我已经尝试过 w/oa 会话名称,例如:session_start();那没有用,所以现在我正在使用session_start("user");

Also note: I am NOT using cookies.

另请注意:我没有使用 cookie。

Here are the files I mentioned:

以下是我提到的文件:

login.php

登录.php

$email=$_POST['email-log']; $pass=$_POST['password-log'];

$i=-1;

do
{$i++; $path="users/".$i.".json";
$file=  file_get_contents($path);
$x=json_decode($file,true);
} while($x['email']!=$email);
$id=$i;
$truepass=$x['pass'];

$errors=0;
$hash=hash('sha256',$pass);
if($hash != $truepass){$errors=$errors+1;}

if($errors==0){
        session_start("user");
        $_SESSION['login']="valid";
        $_SESSION['id']=$id;

    header('Location: loginlanding.php');}

else{header('Location: front.php?error=y');}

session.php

会话文件

session_start("user"); if($_SESSION['login'] !== "valid") {header('Location: front.php?needto=login');}

logout.php

登出.php

unset($_SESSION); unset($_SESSION['login']); unset($_SESSION['id']); session_unset("user"); $_SESSION=array(); session_destroy("user"); header('Location: front.php?logged=out');

Any and all responses are welcome and I thank you in advance, also note, I am new to logins in general so any advice to beef up security is welcome also. I'm planning on making it more secure, but first I need to get this basic functionality up and running.

欢迎任何和所有回复,我提前感谢您,另外请注意,我是一般登录的新手,因此也欢迎任何加强安全性的建议。我打算让它更安全,但首先我需要启动并运行这个基本功能。

回答by Niet the Dark Absol

You should never unset($_SESSION).

你永远不应该unset($_SESSION)

The easiest way to clear the $_SESSIONvariable is $_SESSION = Array();

清除$_SESSION变量的最简单方法是$_SESSION = Array();

However, you can also iterate with unset:

但是,您也可以使用以下方法进行迭代unset

foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);

回答by jeremy

It's amazing how many things you're attempting to do afteryou've unset the onlyreference you had to the session in the first place. Directly from the manual:

您首先取消设置对会话的唯一引用后,您尝试执行的操作数量之多令人惊讶。直接从手册:

Caution

Do NOT unset the whole $_SESSIONwith unset($_SESSION)as this will disable the registering of session variables through the $_SESSIONsuperglobal.

http://php.net/manual/en/function.session-unset.php

警告

不要取消整个设置$_SESSIONunset($_SESSION)因为这将禁用通过$_SESSION超全局变量注册会话变量。

http://php.net/manual/en/function.session-unset.php

You're unsetting $_SESSIONso your unsets to the other arrays of the super global $_SESSIONaren't registering, leaving them still in the browsers temporary cookies. Use session_unset()instead if you're trying to remove allsession variables. Otherwise, don't unsetthe session global, but unset each individual value of it you want to remove.

您正在取消设置,$_SESSION因此您对超级全局的其他数组的取消设置$_SESSION未注册,将它们保留在浏览器的临时 cookie 中。session_unset()如果您尝试删除所有会话变量,请改用。否则,不要取消设置会话全局,而是取消设置要删除的每个单独的值。

回答by MCunha98

My working example (notice that you must put start on the call)

我的工作示例(请注意,您必须开始通话)

<?php
    session_start();
    session_unset();
    session_destroy();
    header('location: ./');
?>

相关推荐

如何以 root 身份运行 PHP exec()?

如何以 root 身份运行 PHP exec()?

php 从 Magento 产品视图中的可配置产品中获取所有简单产品

php 从 Magento 产品视图中的可配置产品中获取所有简单产品

php cURL 'Content-length required' 错误... 3 天的搜索,没有运气

php cURL 'Content-length required' 错误... 3 天的搜索,没有运气

PHP:如何将子类 __construct() 参数传递给 parent::__construct()?

PHP:如何将子类 __construct() 参数传递给 parent::__construct()?