(PHP)如何正确销毁会话cookie? [英] (PHP) How to destroy the session cookie correctly?
问题描述
我正在尝试正确登出管理员用户。这是我的函数:
I'm trying to correctly log out of an admin user. Here is my function:
function logout()
{
$_SESSION = array(); //destroy all of the session variables
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
}
基本上,一旦我验证了密码,我将会话设置为有效只有1个用户)。现在,当管理员命中注销时,我想销毁当前会话,并且还销毁cookie,以便他们不能回到使用浏览器中存储的会话cookie的管理页面。但我的代码不工作。我点击注销,我可以直接导航回到管理页面。然而,如果我删除我的cookie,功能是完美的。所以这里的cookie删除功能有什么问题?
Basically, once I authenticate the password, I set the session as being valid (only 1 user total). Now, when the admin hits logout, I want to destroy the current session, and also destroy the cookie, so that they can't just go back to the admin page using the stored session cookie in the browser. but my code doesn't work. i hit logout, and i can just directly navigate back to the admin page. however, if i delete my cookies, the functionality is perfect. so what's wrong with the cookie deleting function here?
推荐答案
也许你的问题不是cookie,但是浏览器显示缓存版本的管理页面。可能是?如果当您点击 F5 时消失,可能是。这可以通过设置正确的 cache-control 头来进行排序。
Maybe your problem is not the cookie, but the browser showing a cached version of your admin page. Could that be? If it disappears when you hit F5, it's probably that. This can be sorted by setting the right cache-control headers.
签出this SO question 关于如何设置缓存的问题。问题是关于完全相反的方式(强制浏览器缓存),但你会找出更改以关闭缓存。
Check out this SO question on the issue of how to set caching. The question is about exactly the other way round (forcing browsers to cache) but you'll figure out what to change to turn caching off.
这篇关于(PHP)如何正确销毁会话cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
