我已经制作了这个简单的登录脚本(无需访问数据库),但即使没有选中“记住我”按钮,会话仍保持活动状态(关闭浏览器后)。我该如何纠正这个......
<?php
define('LOGIN_URL', '/ab_batch/login/newlogin.php');
session_start();
$display_user = false;
$loginForm = [
'username' => [
'value' => '',
'error' => false,
'err_msg' => ''
],
];
if ( isset($_POST['submit']) ) {
$username = trim($_POST['username']);
$remember = ( isset($_POST['remember']) && '1' == $_POST['remember'] ) ? true : false ;
if ( empty($username) ) {
$loginForm['username']['error'] = true;
$loginForm['username']['err_msg'] = "required";
}
else {
$loginForm['username']['error'] = false;
$_SESSION['username'] = $username;
if ($remember) {
setcookie('my_cookie', $username, 180+time() , '/');
}
}
}
if ( isset($_GET['action']) && 'logout' == $_GET['action'] ) {
if ( isset($_COOKIE['my_cookie']) && !empty($_COOKIE['my_cookie']) ) {
setcookie('my_cookie' , null , -3600+time() , '/');
}
session_destroy();
header('Location: ' . LOGIN_URL);
exit();
}
$session_user = null;
if ( isset($_COOKIE['my_cookie']) && !empty($_COOKIE['my_cookie']) ) {
$_SESSION['username'] = $_COOKIE['my_cookie'];
}
if ( !$loginForm['username']['error'] && isset($_SESSION['username']) ) {
$session_user = $_SESSION['username'];
$display_user = true;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<style type="text/css">
.reqd {
color: red;
}
.result {
padding: 5px;
background-color: grey;
border: 1px solid black;
}
</style>
</head>
<body>
<?php if(!$display_user): ?>
<form action="" method="post">
<p>
<label for="username">Username: <span class="reqd">* <?php echo
$loginForm['username']['error'] ? $loginForm['username']['err_msg'] : ''; ?></span></label><br />
<input type="text" name="username" />
</p>
<p>
<label for="remember">Remember me </label>
<input type="checkbox" value="1" name="remember" />
</p>
<p>
<input type="submit" name="submit" value="Login" />
</p>
</form>
<?php else: ?>
<div class="result" >
<h3>Welcome <?php echo $session_user; ?> </h3>
<a href="?action=logout">Logout </a>
</div>
<?php endif; ?>
</body>
</html>
以下是源代码的链接
答案 0 :(得分:0)
由于浏览器已关闭,会话不会在服务器上过期。会话是服务器端。如果要在浏览器窗口关闭时结束会话,则需要编写一个在服务器上调用session_destroy()
的javascript AJAX请求。
<script type="text/javascript">
window.onbeforeunload = function (event) {
// Make an ajax call to run session_destroy() on server
$.ajax({url: "your.server.com/path/session_destroy.php", success: function(result){
console.log(result);
}});
}
</script>
然后你的服务器上会有一个名为session_destroy.php的文件。该文件将包含 -
<?php
session_destroy();
这是一个令人难以置信的基本实现,但应该完成你想要做的事情。
答案 1 :(得分:0)
试试这个:
ini_set('session.cookie_httponly', true);
ini_set('session.use_cookies', true);
ini_set('session.use_only_cookies', true);
ini_set('session.use_trans_sid', false);
我希望这有帮助!