PHP删除会话cookie?

时间:2016-03-03 16:53:36

标签: php session cookies

这就是我需要做的事情: 删除所有会话cookie并销毁服务器上的会话。 从浏览器中删除会话cookie。

<?php
session_start();
$name = session_name();
$expire = strtotime('-1 year');
$params = session_get_cookie_params();
$path = $params['path'];
$domain = $params['domain'];
$secure = $params['secure'];
$httponly = $params['httponly'];
setcookie($name, '', $expire, $path, $domain, $secure, $httponly);
unset($_SESSION["course_code"]);
unset($_SESSION["course_name"]);
unset($_SESSION["publisher"]);
session_unset();
session_destroy();

?>

这是否适当地做了需要做的事情?

1 个答案:

答案 0 :(得分:1)

在这里,您需要在循环中删除:

//when dealing with session always add session_start() on top
session_start();
//From PHP manual: Unset all of the session variables.
//No need to do in a loop for all $_SESSION[] keys
$_SESSION = array();

//For cookies you do similar, from PHP docs:
//http://php.net/manual/en/function.setcookie.php#73484

if (isset($_SERVER['HTTP_COOKIE'])) {
    $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
    foreach($cookies as $cookie) {
        $parts = explode('=', $cookie);
        $name = trim($parts[0]);
        setcookie($name, '', time()-1000);
        setcookie($name, '', time()-1000, '/');
    }
}
session_destroy();

PS:来自PHP手册: Only use session_unset() for older deprecated code that does not use $_SESSION.所以不要使用它。 session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.

要在登录,注销和脚本的敏感区域安全地致电session_​regenerate_​id()

相关问题
最新问题