Consider the following code:
```php
<?php
if (!session_id())
    session_start();
echo session_id();
session_destroy();
?>
```
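Why is the same session ID displayed every time this page is refreshed, even though the session is destroyed and recreated each time? Is the session ID cleared when the session is destroyed?

**Edit**

I used this updated code based on the top answer. However, the session ID still persists! Any ideas?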
```php
if (!session_id())
    session_start();
echo session_id();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
// Finally, destroy the session.
session_destroy();
```
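Answer 0: (score: 6)

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

http://php.net/manual/en/function.session-destroy.php

The manual comes with a code example:

Example #1 Destroying a session with $_SESSION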
```php
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
// Finally, destroy the session.
session_destroy();
?>
```
**Update**

PHP Version 5.3.6-13
Linux lime 3.0.0-1-686-pae #1 SMP Wed Aug 17 04:28:34 UTC 2011 i686
Apache/2.2.19 (Debian)

Session settings (phpinfo)
| Directive | Local Value | Master Value |
| --- | --- | --- |
| session.auto_start | Off | Off |
| session.bug_compat_42 | Off | Off |
| session.bug_compat_warn | Off | Off |
| session.cache_expire | 180 | 180 |
| session.cache_limiter | nocache | nocache |
| session.cookie_domain | no value | no value |
| session.cookie_httponly | Off | Off |
| session.cookie_lifetime | 0 | 0 |
| session.cookie_path | / | / |
| session.cookie_secure | Off | Off |
| session.entropy_file | no value | no value |
| session.entropy_length | 0 | 0 |
| session.gc_divisor | 1000 | 1000 |
| session.gc_maxlifetime | 1440 | 1440 |
| session.gc_probability | 0 | 0 |
| session.hash_bits_per_character | 5 | 5 |
| session.hash_function | 0 | 0 |
| session.name | PHPSESSID | PHPSESSID |
| session.referer_check | no value | no value |
| session.save_handler | files | files |
| session.save_path | /var/lib/php5 | /var/lib/php5 |
| session.serialize_handler | php | php |
| session.use_cookies | On | On |
| session.use_only_cookies | On | On |
| session.use_trans_sid | 0 | 0 |
**Update**

So, the following settings cause the same problem if, and only if, I set the session ID as a request parameter: localhost?PHPSESSID=whatever

```php
ini_set('session.auto_start', 'on');
ini_set('session.use_trans_sid', 'on');
ini_set('session.use_cookies', 'off');
ini_set('session.use_only_cookies', 'off');
if (!session_id())
    session_start();
echo session_id();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
// Finally, destroy the session.
session_destroy();
```
**Important:** This setup is valuable for session hijacking [Session fixation].

Answer 1: (score: 0)

It does not destroy your session ID.

So you just use
```php
<?php
session_start();
echo session_id();
session_destroy();
?>
```
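
Why the ID survives and how to stop it, as an added example that is not part of the question, the answers or the PHP manual: without strict mode PHP adopts whatever ID the client sends back in the cookie or URL, so the defence is to refuse unknown IDs, expire the cookie before any output, and regenerate the ID at login. The function names are hypothetical, and `session.use_strict_mode` assumes PHP 5.5.2 or later (the 5.3.6 install shown above does not have it).

```php
<?php
// Added example; function names are hypothetical.
// Assumes PHP >= 5.5.2 (session.use_strict_mode).

function start_hardened_session()
{
    // Must run before session_start() and before any output.
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // ignore ?PHPSESSID=... in the URL
    ini_set('session.use_trans_sid', '0');    // never write the ID into links
    ini_set('session.cookie_httponly', '1');  // keep the cookie away from scripts
    if (session_id() === '') {
        session_start();
    }
}

function on_login($userId)
{
    // New ID at the privilege change; true also deletes the old session data.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function logout()
{
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        if (headers_sent($file, $line)) {
            // An earlier echo (without output buffering) means the
            // Set-Cookie header can no longer be sent: the browser keeps
            // the old ID and presents it again on the next request.
            error_log("session cookie not expired, output began at $file:$line");
        } else {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
    }
    session_destroy();
}

start_hardened_session();
$idBefore = session_id();
logout();             // no output yet, so the cookie really is expired
echo $idBefore, "\n"; // print only after the headers have been decided
```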