用户注销后,PHP 会话不会销毁 [英] PHP Session is not destroying after user logout
问题描述
我正在尝试为我的 PHP 应用程序创建身份验证机制,但在破坏会话时遇到了困难.我尝试取消设置先前在会话数组中设置的身份验证令牌并通过
I'm trying to create an authentication mechanism for my PHP Application and I'm having difficulty destroying the session. I've tried unsetting the authentication token which was previously set within the session array and destroying the session through
session_destroy,
以及在销毁会话之前完全重置会话数组.我正在调用头函数并在函数调用结束时返回到我的 index.php 页面.我也试过
as well as resetting the session array completely before destroying the session. I'm calling the header function and going back to my index.php page at the end of the function calls. I've also tried
session_write_close
处理关闭会话.当我注销用户时,我对会话进行了 vardump,它显示没有数据存在,但是当我返回 index.php 页面时,我正在取回用户身份验证数据.我还对 Post 数据进行了 vardump,以确保我不会以某种方式重新提交 post 身份验证处理程序.
to handle closing the session. When I log the user out, I do a vardump of the session, and It shows no data present, however when I go back to the index.php page, I'm getting back the user authentication data. I also did a vardump of the Post data just to ensure I'm not somehow resubmitting the post authentication handler.
有什么建议可以在这里做什么吗?
Any suggestions on what to do here?
推荐答案
首先,请确保在调用 session_destroy(); 之前调用 session_start(); 因为如果您不这样做,它只会发出警告.
First, make sure you're calling session_start(); before calling session_destroy(); because it will only issue a warning if you don't.
此外,来自 PHP:session_destroy:
为了完全终止会话,比如注销用户,会话 ID 也必须取消设置.如果使用 cookie 来传播会话 ID(默认行为),则必须删除会话 cookie.setcookie() 可用于此目的.
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
这篇关于用户注销后,PHP 会话不会销毁的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
