关于session_destroy的晦涩
[英]obscurity about session_destroy
问题描述
i have searched and searched and read and read a lot about what exactly session_destroy does ! 
我已经搜索,搜索并阅读了很多有关session_destroy的功能的信息! but no result at least for me ! 但至少对我来说没有结果! first read the details below : 首先阅读以下详细信息:
When a session is created (session_start) a file is created with a unique identifier that is given to the user as a cookie, when variables in the $_SESSION array are modified or added the temporary file is updated with that information so that it can be used somewhere else on the website.*
session_destroy* will delete this file, this is commonly done for when a user logs out of your website so that the (now useless and unnecessary) file isn't taking up space.
we know that session id is stored in session cookie and as the tutorials say , session destroy removes the session cookie file (that includes session_id ) so why when i started a new session it didn't generate a new id ! 我们知道会话ID存储在会话Cookie中,并且正如教程中所说,session destroy会删除会话Cookie文件(包括session_id),所以为什么当我开始一个新会话时却没有生成新的ID! it makes me confused ! 这让我感到困惑! look at the example : 看例子:
<?php
session_start();
echo session_id();
session_destroy();
session_start();
echo "---".session_id();
?>
result : l4k80dkrl5kd6cdlobhbu5s3i1---l4k80dkrl5kd6cdlobhbu5s3i1 结果:l4k80dkrl5kd6cdlobhbu5s3i1 --- l4k80dkrl5kd6cdlobhbu5s3i1
so it gives me the session id same as the previous one . 因此它给我的会话ID与上一个相同。
so what does session_destroy really do !! 那么session_destroy到底能做什么呢! ? ?
thanks in advance 提前致谢
2 个解决方案
解决方案1
2 已采纳 2015-09-03 09:34:49
From PHP documentation: 从PHP文档:
It does not unset any of the global variables associated with the session, or unset the session cookie.
So after session_destroy() the cookie that holds the session id is still alive, and just the session file will be deleted. 因此,在session_destroy()之后,保存会话ID的cookie仍然有效,仅会话文件将被删除。 So start_session() tries to find the file for the session id in the cookie, and it fails of course, and it just creates a new empty file for that. 因此, start_session()尝试在cookie中找到用于会话ID的文件,但是它当然会失败,并且为此仅创建一个新的空文件。 So your id does not change. 因此,您的ID不会更改。
If you really want to change that, try to delete the cookie. 如果您确实要更改它,请尝试删除cookie。
解决方案2
1 2015-09-03 09:22:49
You are almost correct about what you have said, BUT if you destroy the session and the script ends in PHP, thats the time file is deleted. 您所说的内容几乎是正确的, 但是如果您破坏了会话并且脚本以PHP结尾,那就是删除时间文件。 If you just try to destroy and create it again, it uses the same file/session ID. 如果您只是尝试销毁并重新创建它,它将使用相同的文件/会话ID。
Its not only the file that is created, but also the file contains all the data you are storing in the session. 它不仅是创建的文件,而且还包含您在会话中存储的所有数据。 Have a look at your session data in your server, its very interesting. 查看服务器中的会话数据,这非常有趣。
Update More interesting things you can do. 更新您可以做的更多有趣的事情。 Write a PHP file 写一个PHP文件
<?php
session_start();
sleep(29000);//delete the session after 29 seconds
session_destroy();
?>
Now have a look at the session file, it should be deleted after 20 seconds. 现在查看会话文件,应在20秒后将其删除。
Do 做
<?php session_start(); ?>
and go to google chrome, and remove the cookie manually from there. 并转到google chrome,然后从那里手动删除Cookie。 The session won't be available anymore. 该会话将不再可用。
<?php session_destroy(); ?><?php session_destroy(); ?>will not destroy the cookies on the client side.<?php session_destroy(); ?>不会破坏客户端的cookie。 Next time you create a session, it will just use the same old information.
Do file1: 执行文件1:
<?php session_start(); $_SESSION['test'] = "A"; ?>
file2: 文件2:
<?php session_start(); $_SESSION['test'] = "B"; ?>
resultFile: resultFile:
<?php session_start(); echo $_SESSION['test']; ?>
Now from two computers, access your website with file1 on one computer and file2 on another. 现在,从两台计算机上,使用一台计算机上的file1和另一台计算机上的file2访问您的网站。 From google chrome, switch their cookie information and see how session A is assigned to B and B is assigned to A. 从Google Chrome浏览器中,切换其Cookie信息,并查看会话A如何分配给B以及B如何分配给A。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.