如何杀死一个/所有 php 会话? [英] How to kill a/all php sessions?

问题描述

我有一个非常基本的 php 会话登录脚本.我想强制退出某个用户或强制退出所有用户.

I have a very basic php session login script. I want to force logout of a certain user or force logout of all users.

如何读取对我的网站进行的所有会话，并销毁部分或所有会话?

How can I read all sessions made to my website, and destroy some or all sessions?

推荐答案

你可以尝试强制 PHP 删除所有会话

You could try to force PHP to delete all the sessions by doing

ini_set('session.gc_max_lifetime', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1);

这迫使 PHP 将所有会话视为具有 0 秒的生命周期，并且有 100% 的可能性被清除.

That forces PHP to treat all sessions as having a 0-second lifetime, and a 100% probability of getting cleaned up.

缺点是，无论哪个不幸的用户先运行它都会在 PHP 进行清理时暂停很长时间，尤其是在有大量会话文件要处理的情况下.

The drawback is that whichever unlucky user runs this first will get a long pause while PHP does cleanup, especially if there's a lot of session files to go through.

对于某个特定用户，您必须向会话处理程序添加一些代码:

For one particular user, you'd have to add some code to your session handler:

 if ($_SESSION['username'] == 'user to delete') {
     session_destroy();
 }

PHP 的垃圾收集器是不可控的，所以你不能给它参数，比如删除除用户 X 之外的所有会话".它严格查看会话文件上最后修改/最后访问的时间戳，并将其与 max_lifetime 设置进行比较.它实际上并不处理会话数据.

PHP's garbage collector isn't controllable, so you can't give it parameters such as "delete all sessions except for user X's". It looks strictly at the last-modified/last-accessed timestamps on the session files and compares that to the max_lifetime setting. It doesn't actually process the session data.

这篇关于如何杀死一个/所有 php 会话?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！