使用PHP注销设置Cookie的网站

时间:2014-12-08 18:32:00

标签: php authentication cookies admin logout

无法解决这个问题。我知道将这些信息存储在cookie中并不是最佳做法,但这是针对学校项目的,而我的教授只是要求这样做。

以下是您登录并设置Cookie的代码admin.php的:

<?php
if (!isset($_COOKIE['loggedIn'])) {
  if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
  } else if($_SERVER['PHP_AUTH_USER'] == "user1" &&
    $_SERVER['PHP_AUTH_PW'] == "pass1") {
    //make the cookie
    setcookie("loggedIn", "user1/pass1", time() + 60);
  } else {
    header('HTTP/1.0 401 Unauthorized');
    echo "Invalid Credentials";
    exit;
  }
} else {
  if (isset($_COOKIE['loggedIn']) && $_COOKIE['loggedIn'] == "user1/pass1") {
   //YAY DO NOTHING ITS ME
  } else {
    header('HTTP/1.0 401 Unauthorized');
    echo "Invalid Credentials";
    exit;
  }
}
?>

这是我试图删除cookie和Logout的代码,所以当你再次访问admin.php页面时,你将不得不再次输入凭据..但它似乎不起作用。
logout.php:

<?php 

    if(isset($_COOKIE[session_name()])):
            setcookie(session_name(), '', time()-7000000, '/');
        endif;

    if(isset($_COOKIE['loggedIn'])):
        setcookie('loggedIn', '', time()-7000000, '/');
    endif;

    session_start();
    session_unset();
    //unset($_SESSION["nome"]);  
    // where $_SESSION["nome"] is your own variable. if you do not have one use only this as follow **session_unset();**
    header("Location: index.php");

 ?>

提前感谢您的帮助!

1 个答案:

答案 0 :(得分:0)

在php.net上有一个非常全面的例子:http://php.net/manual/en/function.session-destroy.php 

<?php
session_start();

// Unset all of the session variables.
$_SESSION = array();

if(isset($_COOKIE[session_name()])):
    setcookie(session_name(), '', time()-7000000, '/');
endif;

if(isset($_COOKIE['loggedIn'])):
    setcookie('loggedIn', '', time()-7000000, '/');
endif;

// Check session cookies
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}

// Finally, destroy the session.
session_destroy();
//session_unset();
//unset($_SESSION["nome"]);  
// where $_SESSION["nome"] is your own variable. if you do not have one use only this as follow **session_unset();**
header("Location: index.php");

注意取消设置会话数组:$ _SESSION = array();删除会话cookie;并销毁会话:session_destroy();

谢谢,

安德鲁

相关问题
最新问题