这就是我需要做的事情: 删除所有会话cookie并销毁服务器上的会话。 从浏览器中删除会话cookie。
<?php
session_start();
$name = session_name();
$expire = strtotime('-1 year');
$params = session_get_cookie_params();
$path = $params['path'];
$domain = $params['domain'];
$secure = $params['secure'];
$httponly = $params['httponly'];
setcookie($name, '', $expire, $path, $domain, $secure, $httponly);
unset($_SESSION["course_code"]);
unset($_SESSION["course_name"]);
unset($_SESSION["publisher"]);
session_unset();
session_destroy();
?>
这是否适当地做了需要做的事情?
答案 0 :(得分:1)
在这里,您需要在循环中删除:
//when dealing with session always add session_start() on top
session_start();
//From PHP manual: Unset all of the session variables.
//No need to do in a loop for all $_SESSION[] keys
$_SESSION = array();
//For cookies you do similar, from PHP docs:
//http://php.net/manual/en/function.setcookie.php#73484
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
session_destroy();
PS:来自PHP手册:
Only use session_unset() for older deprecated code that does not use $_SESSION.
所以不要使用它。 session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.
要在登录,注销和脚本的敏感区域安全地致电session_regenerate_id()
。