Why is PHP generating the same session IDs every time in test environment (WAMP)?
Problem description
I've configured WAMP on my system, and am doing the development cum testing in this local environment. I was working on the logout functionality, and happened to notice that the session IDs being generated are the same within the browser.
E.g. Chrome always generates session id = abc for all users, even after logging out and logging in; IE always generates session id = xyz for all users.
Is this an issue with WAMP / my test environment?
Please find below my logout PHP script:
<?php
session_start();
$sessionid = session_id();
echo $sessionid;
session_unset();
session_destroy();
?>
Recommended answer
You probably still have the cookie with the old session ID in it, as neither session_unset nor session_destroy deletes that cookie:
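In order to kill the session altogether, like to log the user out, the session ID must also be unset. If a cookie is used to propagate the session ID (default behavior), then the session cookie must be deleted. setcookie() may be used for that.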
So use setcookie to invalidate the session ID cookie after logout:
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
Another recommendation is to regenerate the session ID after successful authentication using session_regenerate_id(true).
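A complete login/logout pair combining the steps from the answer above, as an added example that is not part of the original post. The function names `login_user` and `logout_user` are hypothetical, and the options-array form of `setcookie` assumes PHP 7.3 or later:

```php
<?php
// Added example, not from the original post.
// login_user() and logout_user() are hypothetical names; assumes PHP >= 7.3.

/** Call only after the submitted credentials have been verified. */
function login_user(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh ID and delete the old session data, so an ID the
    // browser already held before authentication stops being valid.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

/** Full logout: session data, browser cookie, then server-side storage. */
function logout_user(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];  // clear the data held for this request

    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Path and domain must match the original cookie, otherwise the
        // browser treats this as a different cookie and keeps the old one.
        $options = [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ];
        if (!empty($p['samesite'])) {
            $options['samesite'] = $p['samesite'];
        }
        setcookie(session_name(), '', $options);
    }
    session_destroy();  // remove the server-side session record
}
```

After `logout_user()` runs, the next `session_start()` finds no session cookie in the request and generates a new ID instead of reusing the old one.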