如何销毁特定的 PHP 会话 [英] How to destroy a specific PHP session
问题描述
我正在寻找有关如何在 PHP 中销毁特定会话的见解.通过合作伙伴网站,用户使用令牌登录主网站并获得完整会话.
I am looking for insights into how to destroy a specific session in PHP. Through a partner website a user logs into the main website using a token and obtains a full session.
如果用户从合作伙伴网站注销,合作伙伴网站也可以调用销毁函数.然后我们也应该注销我们自己的用户.
It is also possible for the partner website to call a destroy function if the user logouts from the partner website. We should then also log out our own user.
最好的方法是什么?Zend_Session destroy 方法不接受参数,类似的 PHP 函数 session_destroy 也不接受.
What is the best approach to this? The Zend_Session destroy method does not accept a parameter, similarly the PHP function session_destroy does neither.
我正在考虑两种选择:
直接从文件/内存缓存中删除会话信息,但更喜欢比这更干净"的方法.
Removing the session information directly from file/memcache but would prefer a "cleaner" approach than this.
检查每个页面请求是否为令牌"用户;如果然后通过维护列表检查他们的令牌是否已过期.这会增加繁忙网站的开销,但可能是我唯一的选择.
Checking at every page request if this is a "token" user ; and if then check if their token was expired by maintaining a list. This adds overhead to a busy website, but might be my only option.
或者有没有我没有看到的第三种/更好的方法?
Or is there a third / better approach I am not seeing?
推荐答案
如果您希望能够踢"用户的会话,那么唯一的方法就是使用 MySQL(或其他数据库,甚至是 sqlite)用于您的会话存储.
If you wish to be able to 'kick' the sessions of a user(s), the only way you can do it is if you use MySQL (or someother db, sqlite even) for your session storage.
然后您可以简单地从数据库中删除条目以终止会话.
Then you can simply remove entries from the db to kill a session.
这也允许你做一些事情,比如控制"特定用户的会话和其他东西:)
This also allows you do do things such as, 'take control' of a specific user's session and other stuff :)
查看这个非常基本的运行:http://www.devshed.com/c/a/MySQL/Custom-Session-Management-Using-PHP-and-MySQL/(不是最好的例子,但足够好的完整例子开始你).
See this for a very basic run through: http://www.devshed.com/c/a/MySQL/Custom-Session-Management-Using-PHP-and-MySQL/ (not the best example but good enough full example to start you).
编辑
此外,如果通过合作伙伴站点注销,我过去使用的另一种方法(使用 O2 和其他此类站点),他们会收到回调"(在大多数情况下为 REST API 调用),他们也会这样做需要在用户退出网站时调用.
Also, if logging out through the partner site, another method I have used in the past (which was with O2 and other such sites) they were given a 'callback' (REST API call in most cases) which they would also need to call when the user logs out of their site.
这篇关于如何销毁特定的 PHP 会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
