如何终止PHP会话? [英] How do I kill a PHP session?

问题描述

我正在编写一个社交网站，并且试图找出PHP会话.在登录页面的顶部，我调用session_destroy()，并在新用户正式注册为用户的页面和用户主页上调用session_start().当用户注销时，他们将链接到具有session_destroy的主页，但是无论我输入什么用户名或密码，我都可以以刚刚注销的用户身份重新登录.这是我第一次使用会话，因此我想知道应该将session_destroy放在哪里，这样当我注销时它实际上会破坏会话.

I am writing a social networking site, and I am trying to figure out PHP sessions. At the top of the login page, I call session_destroy(), and I call session_start() at the page where new users are officially registered as users and at the user homepage. When a user logs out, they are linked to the home page that has session_destroy, but then I can log back in as whatever user just logged out, no matter what username or password I enter. This is my first time working with sessions, so I'm wondering where I'm supposed to put session_destroy so it actually destroys the session when I logout.

推荐答案

使用 session_destroy 破坏会话数据和 session_unset 分别清除$_SESSION变量.

此外，在尝试进行身份验证以更改当前会话的ID并销毁仍与旧会话ID关联的会话数据后，调用session_regenerate_id(true).

Furthermore, call session_regenerate_id(true) after an authentication attempt to change the current session’s ID and destroy the session data that is still associated to the old session ID.

这篇关于如何终止PHP会话?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！