当用户点击注销按钮时,我会连接到一个简单执行此操作的脚本
session_destroy();
session_start();
我认为这足以重置所有 $_SESSION 变量,例如 $_SESSION['logged'] 和 $_SESSION['username'] 但当我再次加载该页面时,它会自动让我登录,就好像 session 仍然处于事件状态一样。
最佳答案
It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
它还给出了一个如何这样做的例子:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
只需清除数组就足以让用户注销;它们仍将具有相同的 session ID,但 $_SESSION 将为空,因此 $_SESSION['logged'] 和 $_SESSION['username'] 将不存在
关于php - session 销毁是否不足以清理 session ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/2936870/