[英]How do I delete PHPSESSID on client computers
UPDATE ON THE PROBLEM: 更新问题:
setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/', 'www.mywebsite.com');
我尝试使用setcookie删除它: setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/', 'www.mywebsite.com');
but this fails. 但这失败了。 setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/');
尝试使用以下命令删除cookie: setcookie ("PHPSESSID", $_COOKIE['PHPSESSID'], time() - 864000, '/');
results in the PHPSESSID I set being deleted. 导致我设置的PHPSESSID被删除。 session_name
to rename the SESSION I set. 我尝试使用session_name
重命名我设置的SESSION。 This works but crashed my server severally after some minutes. 这可以工作,但几分钟后几次崩溃了我的服务器。 I am working with PHP sessions on my website. 我正在我的网站上使用PHP会话。
The session path was /folder, later on I changed to / to fit the new purpose. 会话路径是/文件夹,稍后我改为/以适应新目的。
Now, old users cant login. 现在,老用户无法登录。
It seems they now have two PHPSESSIDs stored on their browsers - one with path /folder and the other /. 看起来他们现在有两个PHPSESSID存储在他们的浏览器上 - 一个带有路径/文件夹,另一个带有/。
What can I do to ensure that old users can login while ensuring that the session is sitewide with "/". 我该怎么做才能确保旧用户可以登录,同时确保会话在整个网站范围内使用“/”。
MORE INFORMATION 更多信息
When I said two phpsessionid, refer to the image 当我说两个phpsessionid时,请参考图像
A. session_set_cookie_params(864000, '/cv', '.website.com', 0, 1);
A. session_set_cookie_params(864000, '/cv', '.website.com', 0, 1);
but fails to work if I use: 但如果我使用,则无法工作:
B. session_set_cookie_params(864000, '/', '.website.com', 0, 1);
B. session_set_cookie_params(864000, '/', '.website.com', 0, 1);
UPDATE ON DELETING PHPSESSID WITH JAVASCRIPT 使用JAVASCRIPT删除PHPSESSID的更新
UPDATE ON DELETING PHPSESSID WITH PHP 使用PHP删除PHPSESSID的更新
var_dump($_COOKIE['PHPSESSID']);
当我var_dump($_COOKIE['PHPSESSID']);
what is returned is the value of the PHPSESSID with path /cv 返回的是具有path / cv的PHPSESSID的值 setcookie ("PHPSESSID", "", time() - 3600);
尝试使用setcookie ("PHPSESSID", "", time() - 3600);
删除setcookie ("PHPSESSID", "", time() - 3600);
fails. 失败。 I think you are mixing up things or you should go into more detail about your setup/problem. 我认为你正在混淆事情,或者你应该详细了解你的设置/问题。
PHP's session path is the location where session data is stored on your server, not the client. PHP的会话路径是会话数据存储在服务器上的位置,而不是客户端。 See the documentation: https://secure.php.net/manual/en/session.configuration.php#ini.session.save-path 请参阅文档: https : //secure.php.net/manual/en/session.configuration.php#ini.session.save-path
You can move these files and replace/keep in case of collisions how you see fit. 您可以移动这些文件并在发生碰撞时替换/保留您认为合适的方式。 This is pretty much only restricted by read/write-permissions you have when accessing/moving stuff and your webserver-user (eg apache or nginx) or php-user has for reading/writing them from/to the new location. 这几乎只受访问/移动内容时的读/写权限以及您的web服务器用户(例如apache或nginx)或php-user用于从/向新位置读取/写入它们所限制。
If by "PHPSESSID in their browser" you mean the session id is part of your urls, that is a different PHP-setting, that should be disabled anyway, see notice in the documentation: https://secure.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid 如果通过“浏览器中的PHPSESSID”表示会话ID是您的网址的一部分,这是一个不同的PHP设置,无论如何应该禁用,请参阅文档中的注意事项: https : //secure.php.net/manual /en/session.configuration.php#ini.session.use-trans-sid
edit based on your updated question: 根据您更新的问题进行修改:
There already is a nice JS-based solution for expiring the old cookie. 已经有一个很好的基于JS的解决方案,用于使旧cookie过期。 I would go with that. 我会那样做的。 if you can't just do that, you could do a redirect to /cv
have a php-script there that reads the cookie and stores the data somewhere (a database for example based on the user_id) and expire the cookie. 如果你不能这样做,你可以重定向到/cv
有一个php脚本在那里读取cookie并将数据存储在某个地方(例如基于user_id的数据库)并使cookie过期。 Then you can redirect to the old page, look for the "/"-cookie and restore the data. 然后,您可以重定向到旧页面,查找“/” - cookie并恢复数据。 It's a very ugly hack, but I don't think you can get the cookie for each path in PHP, since it's server side and based on the session id provided by the client (but I might be wrong). 这是一个非常丑陋的黑客,但我不认为你可以在PHP中获取每个路径的cookie,因为它是服务器端并且基于客户端提供的会话ID(但我可能是错的)。
I would simply expire the cookie from /folder
. 我只是从/folder
过期cookie。 This should leave you with only one session cookie for /
这应该只留下一个会话cookie /
setcookie('PHPSESSID', '', time() - 86400, '/folder/');
You can change the cookie name for your new session using session_name() before session_start() and let the problem solve itself in a few days. 您可以在session_start()之前使用session_name()更改新会话的cookie名称,并让问题在几天后自行解决。
session_name("SESSION_ID");
session_start();
You have to remove a cookie on the client side. 您必须在客户端删除cookie。 This is possible with javascript. 使用javascript可以实现这一点。
Try this javascript on your site: 在您的网站上试试这个javascript:
<script type="text/javascript">
document.cookie = "PHPSESSID=;Path=/cv;expires=Thu, 01 Jan 1970 00:00:01 GMT;";
</script>
An example: 一个例子:
For this example is use the site https://developer.mozilla.org/en-US/ . 对于此示例,请使用站点https://developer.mozilla.org/en-US/ 。
If i load this site on the cookies there are the following entries 如果我在cookie上加载此站点,则有以下条目 Now I want to remove the cookie with name dwf_section_edit
. 现在我想删除名为dwf_section_edit
的cookie。 To delete this cookie I set the expire date to the past. 要删除此cookie,我将过期日期设置为过去。 After I execute 我执行后
document.cookie = "dwf_section_edit=;Path=/;expires=Thu, 01 Jan 1970 00:00:01 GMT;";
on the console, the cookie is away as you can see on the following image (i used the little refresh button on bottom left of the table because it is only temporary on this example) 在控制台上,cookie就像你在下面的图像上看到的那样(我使用了表左下方的小刷新按钮,因为它只是在这个例子中是临时的)
On the next reload i get the cookie again in this example, because Mozilla give it back to me. 在下一次重新加载时,我在这个例子中再次获取cookie,因为Mozilla会将它还给我。 On your site you don't have to create the old cookie again, and all is fine. 在您的网站上,您不必再次创建旧cookie,一切都很好。
I guess your script does not know, which session should be accessed upon session_start(); 我想你的脚本不知道,在session_start()时应该访问哪个会话;
Try to specify correct path for session using 尝试为会话指定正确的路径
ini_set('session.cookie_path', '/');
or 要么
session_start(['cookie_path' => '/']);
depending on your setup 取决于您的设置
If that does not help, i would suggest using session_regenerate_id() that will replace the current session id with a new one, and keep the current session information. 如果这没有帮助,我建议使用session_regenerate_id() ,它将用新的会话ID替换当前的会话ID,并保留当前的会话信息。
The solution will be let users go to /folder path for the duration of session expire time. 解决方案是让用户在会话到期时间内转到/文件夹路径。 On this path make php script for copying ALL COOKIES from /folder to / path by using setcookie function ( http://php.net/manual/ro/function.setcookie.php ) 在这条路径上创建php脚本,使用setcookie函数将所有COOKIES从/文件夹复制到/ path( http://php.net/manual/ro/function.setcookie.php )
foreach ($_COOKIE as $key => $value) {
setcookie($key, $value, $expire, "/")
}
// redirect to "/" now. User will be able to login.
Additional explanation: cookies are tied to path and domain , its important (and by default its / , but it seems not in your case). 补充说明:cookie与路径和域绑定,其重要性(默认为/ ,但似乎不适用于您的情况)。 So PHPSESSID from subpath (like /folder or /me) not accessible from parent. 所以来自子路径(如/ folder或/ me)的PHPSESSID无法从父级访问。 And they propagate from parent to child. 他们从父母传播到孩子。 So cookies from /me are the same as for / with there not assigned explicit. 所以来自/我的 cookie与没有明确分配的/相同。
If you send manually the header with new expiring date for desired path, the client should remove it. 如果手动发送包含所需路径的新过期日期的标题,则客户端应将其删除。
session_start();
header("Set-Cookie:PHPSESSID=".session_id()."; expires=Sat, 07-Nov-1999 14:58:07 GMT; path=/cv/");
The first time, you have the old cookie path, but from the second page call only the cookie in path /
will be stored and transmitted. 第一次,你有旧的cookie路径,但从第二页调用只有路径/
的cookie将被存储和传输。
You can send this header when you know if the client is affected by this problem or having this for some month. 当您知道客户端是否受此问题影响或者持续一个月时,您可以发送此标头。
Yeah, you need to set the cookie time to a negative value so the browser can delete it, in adition we set the stored value to empty string which also helps to delete the same cookie... 是的,你需要将cookie时间设置为负值,以便浏览器可以删除它,在adition中我们将存储的值设置为空字符串,这也有助于删除相同的cookie ...
This (a the top of your page) would do, just be sure to session_start()
first: 这个(页面的顶部)可以做,只需确保session_start()
首先:
setcookie('PHPSESSID', '', -3600, '/cv');
This works flawlessly on all my domains, I had this problem once. 这在我的所有域名上完美运行,我曾经遇到过这个问题。
您可以通过将其设置为之前的过期来将其删除:
setcookie('phpsessid','value',time()-1);
Just provide the 4th argument when calling setcookie
function : 调用setcookie
函数时只需提供第4个参数:
setcookie ("PHPSESSID", "", time() - 3600, '/');
Explanation 说明
The 4th argument of the
setcookie()
function is$path
of the session to be set.setcookie()
函数的第四个参数是要设置的会话的$path
。 And for this, "The default value is the current directory that the cookie is being set in.". 为此,“默认值是设置cookie的当前目录。”。 (See : http://php.net/manual/en/function.setcookie.php .) So if you are calling this function from a file locating in folder "/folder", it will try to delete a cookie from that folder only. (参见: http : //php.net/manual/en/function.setcookie.php 。)因此,如果您从位于文件夹“/ folder”的文件中调用此函数,它将尝试从该文件夹中删除cookie只要。 By setting the$path
to "/" we are telling the function to delete the session_id from the root directory. 通过将$path
设置为“/”,我们告诉函数从根目录中删除session_id。
I have tested it and it deleted the PHPSESSID
from the cookie successfully. 我测试了它,它成功地从cookie中删除了PHPSESSID
。
It is mentioned here , though Use of session_register() is deprecated and Use of $_SESSION is preferred : - 这里提到了 ,虽然不推荐使用session_register()并且首选使用$ _SESSION: -
If session_start() was not called before this function is called, an implicit call to session_start() with no parameters will be made. 如果在调用此函数之前未调用session_start(),则将对没有参数的session_start()进行隐式调用。 $_SESSION does not mimic this behavior and requires session_start() before use. $ _SESSION不会模仿此行为,并且在使用前需要session_start()。
Then, using $_SESSION , append a JSON file with Auth=True, with TimeOut=20 minutes. 然后,使用$ _SESSION,使用Auth = True附加一个JSON文件,TimeOut = 20分钟。
Whenever, user logs out or after timeout, set Auth=False. 每当用户注销或超时后,设置Auth = False。 Then, read that JSON file using PHP and 然后,使用PHP和。读取该JSON文件
Then, if Auth=False, create JS using PHP that OnLoad event, document.cookie = 'PHPSESSID' + '=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
然后,如果Auth = False,则使用PHP创建JS,即OnLoad事件, document.cookie = 'PHPSESSID' + '=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
Lets go back to basics - Here is something that I believe you should try: Run your site. 让我们回到基础 - 这是我认为你应该尝试的东西:运行你的网站。 Keep a note of PHPSESSID. 记下PHPSESSID。 then close the browser completely, open the browser again, and then run your site. 然后完全关闭浏览器,再次打开浏览器,然后运行您的站点。 Check the PHPSESSID and see if it is the same. 检查PHPSESSID并查看它是否相同。
If it is not same then it is not a cookie but a Session ID specific for the browser session. 如果它不相同则不是cookie而是特定于浏览器会话的会话ID。 Second, if the PHPSESSID is the same as set the first time then it is a cookie and you 'will' be able to delete any key=>value pair set to the cookie resources. 其次,如果PHPSESSID与第一次设置相同,那么它就是一个cookie,您将能够删除任何设置为cookie资源的key => value对。 May be you are referencing something wrong in the JS or PHP code. 可能是你在JS或PHP代码中引用了一些错误的东西。
Please try this and revert with results. 请尝试这个并恢复结果。 It will give a lot more clarity. 它将提供更多的清晰度。 Sessions, LocalStorage, IndexDB, Cookies all are different things and referenced differently. Sessions,LocalStorage,IndexDB,Cookies都是不同的东西,并以不同的方式引用。
First thing you have to understand that you cannot delete the COOKIES
on client systems by any means. 首先要了解的是,您无法以任何方式删除客户端系统上的COOKIES
。 When you invalid then browser doesn't delete it, but makes the cookie unvalid. 当您无效时,浏览器不会删除它,但会使cookie无效。 The cookie is still there on the clients system. cookie仍然存在于客户端系统上。 But the browser just ignores it. 但浏览器只是忽略它。 In order to delete it the client must do it themselves. 为了删除它,客户端必须自己完成。
To invalid all sessions you can use 要使您可以使用的所有会话无效
session_start(); // initialize session
session_destroy(); // destroy session
setcookie("PHPSESSID","",time()-3600,"/"); // delete session cookie
or javascript code: 或javascript代码:
document.cookie = "PHPSESSID=; expires=Thu, 01 Jan 1970 00:00:00
UTC;path=/;host=localhost";
In every case you can't delete cookie set by browser's. 在每种情况下,您都无法删除浏览器设置的cookie。 As PHP and javascript can only issue commands only to invalid the already set cookies present. 因为PHP和javascript只能发出命令,只会使已经设置的cookie无效。
By the client himself. 由客户自己。
Direction to flush cookies and cache 刷新cookie和缓存的方向
Uninstall the browser and then Re-Install it. 卸载浏览器,然后重新安装。
Create a new php script and insert it on the top of login.php and in this script you check whether there are two PHPSessionId and if there are two then destroy all of them and reload the page. 创建一个新的PHP脚本并将其插入login.php的顶部,并在此脚本中检查是否有两个PHPSessionId,如果有两个,则销毁所有这些并重新加载页面。 Until you reload the last cookie used before any event would be in-session. 直到您重新加载在任何事件将在会话之前使用的最后一个cookie。 You must reload the page or redirect use: 您必须重新加载页面或重定向使用:
Removing two PHPSESSID 删除两个PHPSESSID
count=0;
foreach($_COOKIE as $key => $value){
if ( $key == "PHPSESSID" ){
count++;
}
}
if (count>1){
//Destory all cookies here
foreach($_COOKIE as $key => $value){
setcookie($key,"",time()-3600,"/");
}
//Reload/redirect the current page to dispose of all things
header("Locations:" . $your_url);
exit(0);
}
Now there would be only I session of PHPSESSID in every case 现在每种情况下只会有一次PHPSESSID会话
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.