[英]PHP sessions in HTACCESS - timeout
I'm debugging a infinite loop problem in PHP in my "logout" routine. 我正在“注销”例程中调试PHP中的无限循环问题。
if($_SESSION)
{
session_unset();
session_destroy();
}
sleep(1);
header('7location: http://accounts.DOMAIN.com/');
exit;
in my main / initial.inc.php script i have :- 在我的主要/ initial.inc.php脚本中,我有:-
$sess=0;
$sess=$_SESSION['loggedin'];
foreach($_SESSION as $asw => $asd)
{
$logrep.="SESSW '$asw' '$asd'\n";
}
if($sess>0)
{
if($sess<$ty)
{
$logrep.="is timed out - logging out\n";
header('Location: http://accounts.DOMAIN.com/logout/');
exit;
Theres a bit more code which i've taken out - but in my 'logout' script Ive got DESTROY / UNSET etc - 我已经删除了更多代码-但在我的“注销”脚本中,我已经破坏了/设置了-
but when it redirects to my inward script, my sessions STILL EXIST ? 但是当它重定向到我的内部脚本时,我的会话仍然存在吗? - & then it determines i'm timed out, & redirects to my logout routine.
-&然后确定我超时,&重定向到我的注销例程。
QUERY: is there a fool-proof way to remove / eliminate ALL sessions ? 查询:是否有一种简单的方法来删除/消除所有会话?
QUERY :- 查询:
$previous_name = session_name("NAME");
session_save_path("$directory");
session_start();
Is there a php.ini line i can use, to replace session_name so that all/any PHP scripts are using the same name ? 我是否可以使用php.ini行来替换session_name,以便所有/任何PHP脚本都使用相同的名称? (just in case there are some scripts not using the named session.)
(以防某些脚本未使用命名会话。)
EDIT :- 编辑:-
If i use 如果我用
session_unset();
session_destroy();
will it destroy ALL sessions ? 会破坏所有会话吗? or just the currently-named one ?
还是仅是当前命名的一个? (I suspect some of my scripts aren't using the named session)
(我怀疑我的某些脚本未使用命名会话)
Ps - scripts are in different directories / subdomains. ps-脚本位于不同的目录/子域中。
EDIT 2 :- 编辑2:-
Ive now chanmged my script to :- 我已经将脚本改成:-
$sess=0;
$logrep.="SESS NOW '$sess'\n";
$logrep.=var_dump( $sess=$_SESSION['loggedin']);
$logrep.="SESSNOW2 - '$sess'\n\n\n";
$text.="Logged in time $sess\n";
$logrep.="\nSESS = $sess\n";
$temp2=time();
$temp1=($sess-$temp2);
$logrep.="IFF SESS $sess > TIME $time - TEMP $temp1\n";
if($sess>0)
{
- redirect to log out routine ....
(some code removed) (已删除一些代码)
RESULT :- 结果:-
OLD SESS - '1391680203'
SESS NOW '0'
SESSNOW2 - '1391680203'
Apparently, my sessions are NOT being deleted / removed. 显然,我的会话没有被删除/删除。
I would guess that your file 'initial.inc.php' is included in the top of every scripts. 我想您的文件“ initial.inc.php”包含在每个脚本的顶部。
On your logged out page, you have : 在注销的页面上,您有:
session_unset(); session_unset(); session_destroy();
session_destroy();
At this stage, your session is destroyed. 在此阶段,您的会话已被破坏。 Then you do
那你做
header('location: http://accounts.DOMAIN.com/ '); header('location: http : //accounts.DOMAIN.com/ ');
Which executes 'initial.inc.php'; 执行'initial.inc.php';
I assume that you have at the start of initial.inc.php 'session_start();, because you have 我假设您在initial.inc.php'session_start();的开头,因为您有
$sess=$_SESSION['loggedin'];
And it doesn't seems it throws a warning because of the session being missing. 而且似乎由于会话丢失而不会发出警告。 So your session is re-created in your initial.inc.php file.
因此,您的会话将在initial.inc.php文件中重新创建。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.