Logging out a user completely from a website


Problem description

I have a PHP login and log out script and what I'm trying to achieve is that when the user clicks on the log out link he completely logs out, regardless of clicking the back button of the browser, and I do not want the user to access the page. They should be redirected to the login page.

This is the login function

function loggedin() {
    if ( isset($_SESSION['user_id']) && !empty($_SESSION['user_id']) ) {
        return true;
    } else{
        return false;
    }
}

This is my logout script

<?php
include 'includes/connect.php';
include 'includes/functions.php';

session_destroy();
header('location: index.php');

?>

How can I achieve this?

Recommended answer

The question was logging out a user completely from a website and not just how do I destroy a PHP session, so my answer will be somewhat more complex.

Since you're using PHP's $_SESSION functionality to handle the user sessions, you can, in particular, tie the current session IDs to the user accounts. Then you can easily force the session to expire.

For example, create a new field in the user database, and call it active_session_id or something. Every time a user logs in, save the session_id() output to it. Then inside of your loggedin() function check if the session_id() of the current request matches the one saved when the user was logging in, and if it does not match, the function will return false, so this is how you virtually end a user session. I.e. even though it will still actually be there, it will not be valid anymore.

It is worth noting that the solution above would be sort of a one-to-one relation, i.e. one user will be able to have only one active session. If you want to allow users to come from different places at the same time, you'll have to maintain a one-to-many relation there by creating a new table called e.g. users_sessions and saving the session IDs there. Please do not create other fields in the current users table like active_session_id_1, active_session_id_2 etc. because it is not considered to be a good practice.

Hope it helps.
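
The one-to-many variant described in the answer, as an added example that is not part of the original question or answer. The column names, the helpers login_user(), logout_user() and session_key(), the $pdo connection and the hashing of the stored ID are assumptions; only the users_sessions table name and loggedin() come from the page.

```php
<?php
// Added example. Assumes session_start() has run, $pdo is an open PDO handle,
// and this table exists (column names are assumptions):
//   CREATE TABLE users_sessions (
//     session_key CHAR(64) PRIMARY KEY, user_id INT NOT NULL);

// Store a SHA-256 of the session ID rather than the raw ID (an addition to
// the answer), so a leaked table does not contain usable session cookies.
function session_key(): string {
    return hash('sha256', session_id());
}

function login_user(PDO $pdo, int $userId): void {
    // Fresh ID at login, so an ID issued before authentication is never bound.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $stmt = $pdo->prepare(
        'INSERT INTO users_sessions (session_key, user_id) VALUES (?, ?)');
    $stmt->execute([session_key(), $userId]);
}

function loggedin(PDO $pdo): bool {
    if (empty($_SESSION['user_id'])) {
        return false;
    }
    // Valid only while the server still lists this session for this user.
    $stmt = $pdo->prepare(
        'SELECT 1 FROM users_sessions WHERE session_key = ? AND user_id = ?');
    $stmt->execute([session_key(), $_SESSION['user_id']]);
    return $stmt->fetchColumn() !== false;
}

function logout_user(PDO $pdo, bool $everywhere = false): void {
    // Delete the server-side row first; a replayed cookie then fails loggedin().
    if ($everywhere && !empty($_SESSION['user_id'])) {
        $stmt = $pdo->prepare('DELETE FROM users_sessions WHERE user_id = ?');
        $stmt->execute([$_SESSION['user_id']]);
    } else {
        $stmt = $pdo->prepare('DELETE FROM users_sessions WHERE session_key = ?');
        $stmt->execute([session_key()]);
    }
    $_SESSION = [];
    session_destroy();
    header('Location: index.php');
    exit;
}
```

Each protected page calls loggedin($pdo) before sending any output and redirects to the login page when it returns false.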
