PHP - why can#39;t I get rid of this session id cookie?(PHP - 为什么我不能摆脱这个会话 ID cookie?)
问题描述
我正在尝试对网络应用的注销功能进行故障排除.当您登录时,该应用程序为其域设置了多个 cookie.这是当前的注销程序:
I'm trying to troubleshoot a logout function for a web app. When you're logged in, the app has several cookies set for its domain. Here's the current logout procedure:
- 您单击一个链接,该链接会将您转到注销页面
- 注销页面运行一个函数,该函数调用
session_destroy()
并循环访问域的所有 cookie 并将它们设置为过去过期(请参阅下面的代码) - 注销页面然后重定向到登录页面,这是纯 HTML.
- You click a link, which sends you to a logout page
- The logout page runs a function that calls
session_destroy()
and also loops through all the cookies for the domain and sets them to expire in the past (see code below) - The logout page then redirects to a login page, which is straight HTML.
在此过程结束时,所有其他 cookie 都未设置,但 PHPSESSID
cookie 仍然存在,具有相同的值,并且仍设置为在会话结束时过期.
At the end of this process, all the other cookies are unset, but the PHPSESSID
cookie is still there, has the same value, and is still set to expire at the end of the session.
我在这里遗漏了什么?
这是我上面提到的注销功能:
Here's the logout function I mentioned above:
function log_out_current_user() {
// Destroy the session
if (isset($_SESSION)) {
session_destroy();
}
// Expire all of the user's cookies for this domain:
// give them a blank value and set them to expire
// in the past
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
// Explicitly unset this cookie - shouldn't be redundant,
// but it doesn't hurt to try
setcookie('PHPSESSID', '', time()-1000);
}
}
推荐答案
您没有使用与创建时相同的参数来删除它.使用 session_get_cookie_params
来获取这些.为了便于携带,您应该通过 session_name
获取 cookie 的名称.这是一个小脚本来做到这一点:
You are not removing it with the same parameters as it was created. Use session_get_cookie_params
to obtain those. To be portable you should get the name of the cookie via session_name
. Here's a small script to do that:
$params = session_get_cookie_params();
setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
这篇关于PHP - 为什么我不能摆脱这个会话 ID cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:PHP - 为什么我不能摆脱这个会话 ID cookie?
基础教程推荐
- Doctrine 2 - 在多对多关系中记录更改 2022-01-01
- 找不到类“AppHttpControllersDB",我也无法使用新模型 2022-01-01
- 在 CakePHP 2.0 中使用 Html Helper 时未定义的变量 2021-01-01
- 使用 PDO 转义列名 2021-01-01
- 在 yii2 中迁移时出现异常“找不到驱动程序" 2022-01-01
- 如何在 Symfony 和 Doctrine 中实现多对多和一对多? 2022-01-01
- 如何在 XAMPP 上启用 mysqli? 2021-01-01
- PHP 守护进程/worker 环境 2022-01-01
- HTTP 与 FTP 上传 2021-01-01
- phpmyadmin 错误“#1062 - 密钥 1 的重复条目‘1’" 2022-01-01