使用PHP登出设置Cookie的网站
[英]Using PHP to logout of a site where a Cookie was set
问题描述
having trouble figuring this one out. 
很难弄清楚这一点。 I know that it's not best practice to store this information in a cookie, but it's for a school project and my professor just asked to do it this way. 我知道将这些信息存储在cookie中不是最佳实践,但这是针对学校项目的,而我的教授只是要求这样做。
Here is the code where you log in and the cookie is set | 这是您登录并设置cookie的代码| admin.php: admin.php的:
' “
<?php
if (!isset($_COOKIE['loggedIn'])) {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else if($_SERVER['PHP_AUTH_USER'] == "user1" &&
$_SERVER['PHP_AUTH_PW'] == "pass1") {
//make the cookie
setcookie("loggedIn", "user1/pass1", time() + 60);
} else {
header('HTTP/1.0 401 Unauthorized');
echo "Invalid Credentials";
exit;
}
} else {
if (isset($_COOKIE['loggedIn']) && $_COOKIE['loggedIn'] == "user1/pass1") {
//YAY DO NOTHING ITS ME
} else {
header('HTTP/1.0 401 Unauthorized');
echo "Invalid Credentials";
exit;
}
}
?>
' “
And here is the code that I was trying to run to delete the cookie and Logout, so when you visit the admin.php page again you would have to enter the credentials again.. but it doesn't seem to work. 这是我尝试运行以删除Cookie和注销的代码,因此当您再次访问admin.php页面时,您将不得不再次输入凭据..但它似乎不起作用。
logout.php : logout.php:
' “
<?php
if(isset($_COOKIE[session_name()])):
setcookie(session_name(), '', time()-7000000, '/');
endif;
if(isset($_COOKIE['loggedIn'])):
setcookie('loggedIn', '', time()-7000000, '/');
endif;
session_start();
session_unset();
//unset($_SESSION["nome"]);
// where $_SESSION["nome"] is your own variable. if you do not have one use only this as follow **session_unset();**
header("Location: index.php");
?>
' “
Thanks in advance for any help! 在此先感谢您的帮助!
1 个解决方案
解决方案1
0 2014-12-08 18:38:43
There's a pretty comprehensive example on php.net: http://php.net/manual/en/function.session-destroy.php php.net上有一个非常全面的示例: http : //php.net/manual/en/function.session-destroy.php
<?php
session_start();
// Unset all of the session variables.
$_SESSION = array();
if(isset($_COOKIE[session_name()])):
setcookie(session_name(), '', time()-7000000, '/');
endif;
if(isset($_COOKIE['loggedIn'])):
setcookie('loggedIn', '', time()-7000000, '/');
endif;
// Check session cookies
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
// Finally, destroy the session.
session_destroy();
//session_unset();
//unset($_SESSION["nome"]);
// where $_SESSION["nome"] is your own variable. if you do not have one use only this as follow **session_unset();**
header("Location: index.php");
Notice unsetting the session array: $_SESSION = array(); 注意取消设置会话数组:$ _SESSION = array(); deleting the session cookie; 删除会话cookie; and destroying the session: session_destroy(); 并销毁会话:session_destroy();
Thanks, 谢谢,
Andrew 安德鲁
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.