PHP $_SESSION 变量不会取消设置 [英] PHP $_SESSION variable will not unset

问题描述

抱歉，我在这个论坛上看到了一些重复的问题，但没有一个回复对我有用...

sorry for a repetitive question, I've seen a few of these on this forum but none of the responses worked for me...

我正在使用 php 会话构建基本登录，这是我的新手...

I am building a basic login using php sessions, which I'm new at...

login.php 验证 html 登录表单并开始会话，设置变量:$_SESSION['login'] 和 $_SESSION['id],

login.php validates html login form and begins a session, setting variables: $_SESSION['login'] and $_SESSION['id],

然后每个需要有效登录的页面使用 require 'session.php'; 它检查 $_SESSION['valid'] 变量并重定向用户 w/o 正确的登录变量.问题是当我注销时，我设置的会话变量都不会取消设置.

then each page that requires a valid login uses require 'session.php'; which checks the $_SESSION['valid'] variable and redirects a user w/o proper login variable. The problem is when I logout neither session variable I've set will unset.

现在我的 logout.php 文件使用了几乎所有方法来销毁我能够在网上找到的变量，但实际上没有人会这样做.

Right now my logout.php file uses about every method to destroy the variables that I've been able to find online and none will actually do it.

所以每当我退出时，我仍然可以访问私人"页面.

So whenever I log out, I can still access the 'private' pages.

另请注意:我已经尝试过没有会话名称，例如:session_start(); 没有用，所以现在我正在使用 session_start("user");

Also note: I have tried it w/o a session name ex: session_start(); that didn't work so now I'm using session_start("user");

另请注意:我没有使用 cookie.

Also note: I am NOT using cookies.

这里是我提到的文件:

登录.php

$email=$_POST['email-log']; $pass=$_POST['password-log'];

$i=-1;

do
{$i++; $path="users/".$i.".json";
$file=  file_get_contents($path);
$x=json_decode($file,true);
} while($x['email']!=$email);
$id=$i;
$truepass=$x['pass'];

$errors=0;
$hash=hash('sha256',$pass);
if($hash != $truepass){$errors=$errors+1;}

if($errors==0){
        session_start("user");
        $_SESSION['login']="valid";
        $_SESSION['id']=$id;

    header('Location: loginlanding.php');}

else{header('Location: front.php?error=y');}

<小时>

session.php

---

session.php

session_start("user"); if($_SESSION['login'] !== "valid") {header('Location: front.php?needto=login');}

<小时>

logout.php

---

logout.php

unset($_SESSION); unset($_SESSION['login']); unset($_SESSION['id']); session_unset("user"); $_SESSION=array(); session_destroy("user"); header('Location: front.php?logged=out');

<小时>

欢迎任何和所有回复，我提前感谢您，另外请注意，我是一般登录的新手，因此也欢迎任何加强安全性的建议.我打算让它更安全，但首先我需要启动并运行这个基本功能.

---

Any and all responses are welcome and I thank you in advance, also note, I am new to logins in general so any advice to beef up security is welcome also. I'm planning on making it more secure, but first I need to get this basic functionality up and running.

推荐答案

你不应该unset($_SESSION).

清除 $_SESSION 变量的最简单方法是 $_SESSION = Array();

The easiest way to clear the $_SESSION variable is $_SESSION = Array();

但是，您也可以使用 unset 进行迭代:

However, you can also iterate with unset:

foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);

这篇关于PHP $_SESSION 变量不会取消设置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！