如何杀死一个/所有的PHP会话? [英] How to kill a/all php sessions?
问题描述
我有一个非常基本的php会话登录脚本.我要强制退出某个用户或强制退出所有用户.
I have a very basic php session login script. I want to force logout of a certain user or force logout of all users.
如何阅读网站上的所有会话,并销毁部分或全部会话?
How can I read all sessions made to my website, and destroy some or all sessions?
推荐答案
您可以尝试强制PHP删除所有会话,
You could try to force PHP to delete all the sessions by doing
ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);
这迫使PHP将所有会话的生存期设为0秒,并且被清除的可能性为100%.
That forces PHP to treat all sessions as having a 0-second lifetime, and a 100% probability of getting cleaned up.
缺点是,无论哪个运气好的用户首先运行此命令,都会在PHP进行清理时长时间停顿,尤其是在要处理大量会话文件的情况下.
The drawback is that whichever unlucky user runs this first will get a long pause while PHP does cleanup, especially if there's a lot of session files to go through.
对于一个特定用户,您必须向会话处理程序中添加一些代码:
For one particular user, you'd have to add some code to your session handler:
if ($_SESSION['username'] == 'user to delete') {
session_destroy();
}
PHP的垃圾收集器是不可控制的,因此您不能给它提供诸如删除除用户X之外的所有会话"之类的参数.它严格查看会话文件上的最后修改/最后访问的时间戳,并将其与max_lifetime设置进行比较.它实际上并没有处理会话数据.
PHP's garbage collector isn't controllable, so you can't give it parameters such as "delete all sessions except for user X's". It looks strictly at the last-modified/last-accessed timestamps on the session files and compares that to the max_lifetime setting. It doesn't actually process the session data.
这篇关于如何杀死一个/所有的PHP会话?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!