如何杀死一个/所有的PHP会话? [英] How to kill a/all php sessions?

问题描述

我有一个非常基本的php会话登录脚本.我要强制退出某个用户或强制退出所有用户.

I have a very basic php session login script. I want to force logout of a certain user or force logout of all users.

如何阅读网站上的所有会话，并销毁部分或全部会话?

How can I read all sessions made to my website, and destroy some or all sessions?

推荐答案

您可以尝试强制PHP删除所有会话，

You could try to force PHP to delete all the sessions by doing

ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);

这迫使PHP将所有会话的生存期设为0秒，并且被清除的可能性为100％.

That forces PHP to treat all sessions as having a 0-second lifetime, and a 100% probability of getting cleaned up.

缺点是，无论哪个运气好的用户首先运行此命令，都会在PHP进行清理时长时间停顿，尤其是在要处理大量会话文件的情况下.

The drawback is that whichever unlucky user runs this first will get a long pause while PHP does cleanup, especially if there's a lot of session files to go through.

对于一个特定用户，您必须向会话处理程序中添加一些代码:

For one particular user, you'd have to add some code to your session handler:

 if ($_SESSION['username'] == 'user to delete') {
     session_destroy();
 }

PHP的垃圾收集器是不可控制的，因此您不能给它提供诸如删除除用户X之外的所有会话"之类的参数.它严格查看会话文件上的最后修改/最后访问的时间戳，并将其与max_lifetime设置进行比较.它实际上并没有处理会话数据.

PHP's garbage collector isn't controllable, so you can't give it parameters such as "delete all sessions except for user X's". It looks strictly at the last-modified/last-accessed timestamps on the session files and compares that to the max_lifetime setting. It doesn't actually process the session data.

这篇关于如何杀死一个/所有的PHP会话?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！