(PHP) 如何正确销毁会话cookie? [英] (PHP) How to destroy the session cookie correctly?
问题描述
我正在尝试正确注销管理员用户.这是我的功能:
I'm trying to correctly log out of an admin user. Here is my function:
function logout()
{
$_SESSION = array(); //destroy all of the session variables
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
}
基本上,一旦我验证了密码,我就会将会话设置为有效(总共只有 1 个用户).现在,当管理员点击注销时,我想销毁当前会话,并销毁 cookie,这样他们就不能使用浏览器中存储的会话 cookie 返回管理页面.但我的代码不起作用.我点击注销,我可以直接导航回管理页面.但是,如果我删除我的 cookie,该功能是完美的.那么这里的cookie删除功能有什么问题?
Basically, once I authenticate the password, I set the session as being valid (only 1 user total). Now, when the admin hits logout, I want to destroy the current session, and also destroy the cookie, so that they can't just go back to the admin page using the stored session cookie in the browser. but my code doesn't work. i hit logout, and i can just directly navigate back to the admin page. however, if i delete my cookies, the functionality is perfect. so what's wrong with the cookie deleting function here?
推荐答案
也许您的问题不是 cookie,而是浏览器显示管理页面的缓存版本.那可能吗?如果当您按 F5 时它消失了,可能就是这样.这可以通过设置正确的 cache-control 标头来排序.
Maybe your problem is not the cookie, but the browser showing a cached version of your admin page. Could that be? If it disappears when you hit F5, it's probably that. This can be sorted by setting the right cache-control headers.
查看这个问题 关于如何设置缓存的问题.问题恰恰相反(强制浏览器缓存),但您会弄清楚要更改什么才能关闭缓存.
Check out this SO question on the issue of how to set caching. The question is about exactly the other way round (forcing browsers to cache) but you'll figure out what to change to turn caching off.
这篇关于(PHP) 如何正确销毁会话cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
