对PHP会话和会话cookie的疑问 [英] A doubt about PHP session and session cookie
问题描述
我对PHP会话和会话cookie有点混淆。
让我通过举一个codeproject.com的例子来问我的问题。
当我登录codeproject.com时,会启动一个会话,会话cookie会存储在我的浏览器中。所以我在这个网站上以用户身份登录。
现在,当我在浏览器中清除cookie时,它会删除所有浏览器cookie。
我的问题是 - 当我清除浏览器cookie时,即使我没有点击退出按钮来破坏浏览器cookie,也会破坏codeproject.com上的会话会话?
这就解释了我想问的问题。
清除浏览器cookie是否会自动销毁PHP会话,即使你没有在网站上做任何会调用该函数来破坏会话的东西?
I have a little confusion about PHP session and session cookies.
Let me ask my question by giving an example of codeproject.com.
When I login to codeproject.com, it starts a session and the session cookie gets stored in my browser. So I'm logged in as a user on this website.
Now when I clear cookies in my browser, it deletes all the browser cookie.
My question is - Is the session at codeproject.com destroyed when I clear the browser cookies even when I haven't clicked on logout button to destroy the session ?
So that explains what I want to ask.
Does clearing browser cookies automatically destroys PHP session even when you haven't done anything on a website that will call the function to destroy the session ??
推荐答案
当我清除浏览器cookie时,是否会破坏codeproject.com上的会话当我没有点击退出按钮来销毁会话时?
Is the session at codeproject.com destroyed when I clear the browser cookies even when I haven't clicked on logout button to destroy the session ?
客户端的会话被销毁。登录到CodeProject(或任何其他站点)时,您将获得会话ID。此ID的会话值存储在服务器端的文件中。您获得的会话ID存储为cookie。因此,当您清除cookie时,您还要清除包含您的会话ID的cookie。
但是这样做时,您不会破坏会话值服务器端文件(详见编辑#2)。
有从浏览器清除会话cookie和注销之间的一个小差异。如果注销,会从服务器端文件中删除会话值。如果清除cookie,则不会从文件中删除会话值。但是如果您清除会话cookie并再次登录,那么CodeProject会告诉您仍有打开的会话然后您可以销毁它们。
为了100%销毁会话,应该销毁两件事:
The session at the client-side is destroyed. When logging on to CodeProject (or any other site), you get a Session ID. The session values of this ID are stored in a file at server-side. The Session ID which you get, is stored as a cookie. So, when you clear your cookies, you also clear the cookie that contains your Session ID.
But when doing this, you don't destroy the session values from the server-side file (see Edit #2 for more information).
There's one small difference between clearing the Session cookie from the browser and logging out. If you log out, the the session values are removed from the server-side file. If you clear the cookie, then the session values are not removed from the file. But if you clear the session cookie, and log in again, then CodeProject tells you that there are still open sessions and then you can destroy them.
To 100% destroy a session, two things should be destroyed:
- 会话cookie
- 存储在服务器端文件中的会话值
当您通过注销按钮注销时,这两件事情被毁了。如果您清除会话cookie,则只删除一件事。您无法从服务器端文件中删除会话值,只有服务器端的代码可以执行此操作。
When you log out through the logout button, these two things are destroyed. If you clear the session cookie, there's just one thing removed. It's not possible for you to remove the session values from the server-side file, only the code at the server can do that.
这篇关于对PHP会话和会话cookie的疑问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
