错误 — session_destroy() — 试图销毁未初始化的会话 [英] Error — session_destroy() — Trying to destroy uninitialized session

问题描述

我在 PHP 代码中使用 session_destroy() 时遇到错误.

I'm getting an error using session_destroy() in my PHP code.

以下脚本在每个页面上，如果用户登录，它会检查会话是否有效，如果无效则终止会话.

The following script is on every page and if a user is signed in, it checks if the session is valid or not, killing the session if it's not.

session_start();

// check for users already signed in and check session
if (isset($_SESSION['user_id'])) {
    $uid = $_SESSION['user_id'];

    // check user_id is a valid id
    if (!is_numeric($uid) || $uid < 0) {
        session_unset();
        session_destroy();
        session_regenerate_id(true);
    }

    // if user agent is different, kill session
    if ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']) {
        session_unset();
        session_destroy();
        session_regenerate_id(true);
    }

    // if user's last login record fails to match session_id, kill session
    $SQL = "SELECT user_session FROM users_logins ";
    $SQL .= "WHERE user_id = :user_id ";
    $SQL .= "ORDER BY time_in DESC LIMIT 1;";
    $STH = $DBH_P->prepare($SQL);
    $STH->bindParam(':user_id', $uid);
    $STH->execute();
    $row = $STH->fetch();
    if ($STH->rowCount() > 0) {
        $db_sid = $row['user_session'];
    }
    if ($db_sid !== session_id()) {
        session_unset();
        session_destroy();
        session_regenerate_id(true);
    }
}

我收到的错误表明失败来自最后一次 session_destroy() 调用.

The error I receive indicates the failure is coming from the last session_destroy() call.

我是否正确使用了 session_destroy()?我已经阅读了此处的其他问题，但大多数答案都建议在销毁之前必须使用 session_start()，但在检查开始之前，我已经在顶部启动了会话.

Am I using session_destroy() correctly or not? I have read other questions on here but most answers advise that session_start() must be used before destroying it, but I have started the session at the top, before the check begins.

推荐答案

你在那里做了一些疯狂的事情(但你需要和你自己协商，我的回答中没有涉及)，你看到的原因错误信息很简单:

You do some crazy stuff there (but you need to negotiate that with your own, I don't cover it in my answer), the reason why you see the error message is quite simple:

 session_regenerate_id(true);

正在命令 PHP 销毁旧会话.问题是，你已经这样做了，前一行:

is commanding PHP to destroy the old session. Problem is, you already did that, one line earlier:

 session_destroy();
 session_regenerate_id(true);

所以只是从上面看.没有理由以强迫症的方式将尽可能多的函数抛出到您的会话处理中(但实际上并不了解/了解).相反，如果您想在其中放置一些安全网，则采用旨在完成这项工作的一个函数并实际处理它的返回值.那会更有帮助.

So just take a view from above. There is no reason in an OCD manner to throw as many functions as you see fit (but actually don't understand/know well) onto your session processing. Instead take the one function that is intended to do the job and actually process it's return value if you want to put some safety net in there actually. That would be more helpful.

这篇关于错误 — session_destroy() — 试图销毁未初始化的会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！