关闭浏览器后,PHP会话保持活动状态

时间:2016-06-03 14:09:18

标签: php session cookies login

我已经制作了这个简单的登录脚本(无需访问数据库),但即使没有选中“记住我”按钮,会话仍保持活动状态(关闭浏览器后)。我该如何纠正这个......

<?php

define('LOGIN_URL', '/ab_batch/login/newlogin.php');

session_start();

$display_user = false;

$loginForm = [
  'username' => [
      'value' => '',
      'error' => false,
      'err_msg' => ''
  ],  

];

    if ( isset($_POST['submit']) ) {

        $username = trim($_POST['username']);
        $remember = ( isset($_POST['remember']) && '1' == $_POST['remember'] ) ? true : false ;

        if ( empty($username) ) {

            $loginForm['username']['error'] = true;
            $loginForm['username']['err_msg'] = "required";
        }

        else {

            $loginForm['username']['error'] = false;

            $_SESSION['username'] = $username;

           if ($remember) {
            setcookie('my_cookie', $username, 180+time() , '/');

           } 

        }



    }


    if ( isset($_GET['action']) && 'logout' == $_GET['action'] ) {

        if ( isset($_COOKIE['my_cookie']) && !empty($_COOKIE['my_cookie']) ) {

            setcookie('my_cookie' , null , -3600+time() , '/');

        } 

        session_destroy();

        header('Location: ' .  LOGIN_URL);
        exit();
    }


    $session_user = null;

    if ( isset($_COOKIE['my_cookie']) && !empty($_COOKIE['my_cookie']) ) {

        $_SESSION['username'] = $_COOKIE['my_cookie'];

    } 

    if ( !$loginForm['username']['error'] && isset($_SESSION['username']) ) {
        $session_user = $_SESSION['username'];
        $display_user = true;


    }

?>

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <title>Login</title>

        <style type="text/css">

            .reqd {

                color: red;
            }

            .result {

                padding: 5px;
                background-color: grey;
                border: 1px solid black;
            }

        </style>
    </head>
    <body>

        <?php if(!$display_user): ?>
        <form action="" method="post">

            <p>
                <label for="username">Username: <span class="reqd">* <?php echo
                $loginForm['username']['error'] ? $loginForm['username']['err_msg'] : ''; ?></span></label><br />
                <input type="text" name="username" />
            </p>

            <p>
                <label for="remember">Remember me </label>
                <input type="checkbox" value="1" name="remember" />
            </p>
            <p>
                <input type="submit" name="submit" value="Login" />
            </p>
        </form>


        <?php else: ?>

        <div class="result" >
            <h3>Welcome <?php echo $session_user; ?> </h3>
            <a href="?action=logout">Logout </a>
        </div>

        <?php        endif; ?>
    </body>
</html>

以下是源代码的链接

Browser

2 个答案:

答案 0 :(得分:0)

由于浏览器已关闭,会话不会在服务器上过期。会话是服务器端。如果要在浏览器窗口关闭时结束会话,则需要编写一个在服务器上调用session_destroy()的javascript AJAX请求。

<script type="text/javascript">
   window.onbeforeunload = function (event) {
       // Make an ajax call to run session_destroy() on server
       $.ajax({url: "your.server.com/path/session_destroy.php", success: function(result){
          console.log(result);
       }});
   }
</script>

然后你的服务器上会有一个名为session_destroy.php的文件。该文件将包含 -

<?php

session_destroy();

这是一个令人难以置信的基本实现,但应该完成你想要做的事情。

答案 1 :(得分:0)

试试这个:

ini_set('session.cookie_httponly', true);
ini_set('session.use_cookies', true); 
ini_set('session.use_only_cookies', true); 
ini_set('session.use_trans_sid', false);

我希望这有帮助!