Why is PHP generating the same session IDs every time in test environment (WAMP)?


Problem description

I've configured WAMP in my system, and am doing the development cum testing in this local environment. I was working on the logout functionality, and happened to notice that the session IDs being generated are the same within the browser.

E.g. Chrome always generates session id = abc for all users, even after logging out and logging in; IE always generates session id = xyz for all users.

Is this an issue with WAMP / my test environment?

Please find below my logout PHP script:

<?php
session_start();
$sessionid = session_id();
echo $sessionid;
session_unset(); 
session_destroy(); 
?>

Recommended answer

You probably still have the cookie with the old session ID in it as neither session_unset nor session_destroy deletes that cookie:

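In order to kill the session altogether, like to log the user out, the session ID must also be unset. If a cookie is used to propagate the session ID (default behavior), then the session cookie must be deleted. setcookie() may be used for that.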

So use setcookie to invalidate the session ID cookie after logout:

if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

Another recommendation is to regenerate the session ID after successful authentication using session_regenerate_id(true).
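
The two recommendations in the answer above, combined into one login/logout pair. This is an added example, not code from the original question or answer; the function names `login_user` and `logout_user` and the `user_id` session key are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: call only after the credentials have been verified.
function login_user(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session ID and delete the old session data, so an ID
    // that existed before authentication is never bound to the logged-in user.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId; // assumed key name
}

// Hypothetical helper: full logout. Must run before any output is sent,
// because setcookie() emits a Set-Cookie header (an echo of the session ID
// ahead of it, as in the question's script, would break this unless output
// buffering is enabled).
function logout_user(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Clear the session variables for the rest of this request.
    $_SESSION = [];

    // 2. Expire the browser's session cookie. Path, domain and flags must
    //    match the ones the cookie was set with, or the browser keeps it
    //    and presents the same ID on the next request.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(), '', time() - 42000,
            $params['path'], $params['domain'],
            $params['secure'], $params['httponly']
        );
    }

    // 3. Remove the server-side session data.
    session_destroy();
}
```

After `logout_user()` the browser no longer sends the old ID, so the next `session_start()` generates a new one instead of reusing the value seen in the question.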
