如何在客户端计算机上删除PHPSESSID [英] How do I delete PHPSESSID on client computers

问题描述

问题更新:

• 在某些浏览器中，我们有两个PHPSESSID.
• 我在脚本的任何地方都没有设置一个PHPSESSID
• 它具有HOST(而不是我设置的PHPSESSID的DOMAIN)作为www.mywebsite.com
• 我尝试使用setcookie:setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/', 'www.mywebsite.com');删除它，但是失败.
• 尝试使用以下命令删除cookie:setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/');导致我设置的PHPSESSID被删除.
• 我尝试使用session_name重命名我设置的SESSION.可以，但是几分钟后几次使我的服务器崩溃.
• 我没办法了.

• On some browsers, we have two PHPSESSIDs.
• One PHPSESSID is not set by me anywhere in my script
• It has HOST (instead of DOMAIN for the PHPSESSID I set) as www.mywebsite.com
• I have tried deleting it using setcookie: setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/', 'www.mywebsite.com'); but this fails.
• An attempt to delete cookie using: setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/'); results in the PHPSESSID I set being deleted.
• I have tried using session_name to rename the SESSION I set. This works but crashed my server severally after some minutes.
• I am out of options.

我正在我的网站上进行PHP会话.

I am working with PHP sessions on my website.

会话路径为/folder，后来我更改为/以适应新的目的.

The session path was /folder, later on I changed to / to fit the new purpose.

现在，旧用户无法登录.

Now, old users cant login.

似乎他们现在在他们的浏览器中存储了两个PHPSESSID-一个带有路径/folder，另一个带有/.

It seems they now have two PHPSESSIDs stored on their browsers - one with path /folder and the other /.

我该怎么做以确保旧用户可以登录，同时确保会话在站点范围内显示为"/".

What can I do to ensure that old users can login while ensuring that the session is sitewide with "/".

更多信息

当我说两个phpsessionid时，请参考图片

When I said two phpsessionid, refer to the image

1. 如果我使用
，则登录有效

A. session_set_cookie_params(864000, '/cv', '.website.com', 0, 1);

但是如果我使用，将无法正常工作

but fails to work if I use:

B. session_set_cookie_params(864000, '/', '.website.com', 0, 1);

• 如果我使用上述版本2A，则该会话仅在/cv中可用，而在其他网站文件夹中则不可用./文件夹.

使用JAVASCRIPT删除PHPSESSID的更新

• 当我运行alert(document.cookie)时，它将显示除PHPSESSID之外的所有cookie
• 因此，所有删除PHPSESSID cookie的尝试都会失败，而其他cookie可以删除.

使用PHP删除PHPSESSID的更新

• 当我var_dump($_COOKIE['PHPSESSID']);时，返回的是路径为/cv的PHPSESSID的值
• 尝试用setcookie ("PHPSESSID", "", time() - 3600);删除失败.

• When I var_dump($_COOKIE['PHPSESSID']); what is returned is the value of the PHPSESSID with path /cv
• An attempt to delete with setcookie ("PHPSESSID", "", time() - 3600); fails.

推荐答案

我认为您正在混淆，否则您应该详细了解设置/问题.

I think you are mixing up things or you should go into more detail about your setup/problem.

PHP的会话路径是会话数据在服务器(而不是客户端)上存储的位置.请参阅文档: https://secure.php .net/manual/en/session.configuration.php#ini.session.save-path

PHP's session path is the location where session data is stored on your server, not the client. See the documentation: https://secure.php.net/manual/en/session.configuration.php#ini.session.save-path

您可以移动这些文件，并在发生碰撞的情况下更换/保留适合您的外观.这几乎仅受访问/移动内容时的读取/写入权限的限制，并且您的Web服务器用户(例如apache或nginx)或php用户具有从新位置读取/写入新位置的权限.

You can move these files and replace/keep in case of collisions how you see fit. This is pretty much only restricted by read/write-permissions you have when accessing/moving stuff and your webserver-user (e.g. apache or nginx) or php-user has for reading/writing them from/to the new location.

如果通过浏览器中的PHPSESSID"表示会话ID是您的url的一部分，那就是不同的PHP设置，无论如何都应禁用它，请参见文档中的注意事项:

If by "PHPSESSID in their browser" you mean the session id is part of your urls, that is a different PHP-setting, that should be disabled anyway, see notice in the documentation: https://secure.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid

根据您更新的问题进行

已经有一个不错的基于JS的解决方案，用于使旧的cookie过期.我会同意的.如果您不能这样做，则可以重定向到/cv，该脚本中有一个php脚本，该脚本读取cookie，并将数据存储在某个位置(例如，基于user_id的数据库)，并使cookie过期.然后，您可以重定向到旧页面，查找"/"-cookie并还原数据.这是一个非常丑陋的hack，但是我认为您无法在PHP中获取每个路径的cookie，因为它是服务器端的，并且基于客户端提供的会话ID(但是我可能错了).

There already is a nice JS-based solution for expiring the old cookie. I would go with that. if you can't just do that, you could do a redirect to /cv have a php-script there that reads the cookie and stores the data somewhere (a database for example based on the user_id) and expire the cookie. Then you can redirect to the old page, look for the "/"-cookie and restore the data. It's a very ugly hack, but I don't think you can get the cookie for each path in PHP, since it's server side and based on the session id provided by the client (but I might be wrong).

这篇关于如何在客户端计算机上删除PHPSESSID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！