session_unset()是清除和重置PHP Sessions变量的正确方法吗?
[英]is session_unset() the correct way to clear and reset PHP Sessions variables?
问题描述
I am working on a session management function in PHP. 
我正在使用PHP进行会话管理功能。 I found a webpage that shows how to implement session timeouts ( https://solutionfactor.net/blog/2014/02/08/implementing-session-timeout-with-php/ )... I noticed that they use session_unset() and session_destroy() methods. 我发现了一个网页,该网页显示了如何实现会话超时( https://solutionfactor.net/blog/2014/02/08/implementing-session-timeout-with-php/ )...我注意到它们使用session_unset()和session_destroy()方法。
I am confused about the use of session_unset() 我对session_unset()的使用感到困惑
In looking at the PHP Manual ( https://www.php.net/manual/en/function.session-unset.php ) there are notes that say: 在查看PHP手册( https://www.php.net/manual/zh/function.session-unset.php )时,有以下注释:
The session_unset() function frees all session variables currently registered.
Note: If $_SESSION is used, use unset() to unregister a session variable, ie unset ($_SESSION['varname']);.
Caution Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal.
Note: Only use session_unset() for older deprecated code that does not use $_SESSION.
Here is what I have, based on the example on the page previously cited. 这是我所拥有的,基于之前引用的页面上的示例。 ($sysTime will be the server's time passed to the function when called. ($ sysTime是服务器在调用时传递给该函数的时间。
//Define SYS_SES_TIMEOUT - How many seconds is a session valid for. 1800 seconds = 30 minutes
define("SYS_SES_TIMEOUT", 1800);
session_start();
function fSessionMgmnt_isExpired($sysTime){
if(isset($_SESSION['Expire_DT']) && ($sysTime - $_SESSION['Expire_DT']) > SYS_SES_TIMEOUT){
session_unset(); session_destroy; session_start();
//redirect to login page
}else{//proceed to next check}
}
My goal is that if the session is expired, the session is cleared out and the user is brought back to the login page to re-authenticate... where a new session would be created. 我的目标是,如果会话过期,则将会话清除,然后将用户带回登录页面以重新进行身份验证...,在那里将创建新会话。
Based on the php manual, I am not sure if session_unset() is the correct method to use. 基于php手册,我不确定session_unset()是否是正确使用的方法。 Especially since session_destroy() says that it does not unset variables associated with the session and the session_unset() page notes about deprecated code. 特别是因为session_destroy()表示它不会取消设置与该会话相关的变量,所以session_unset()页上的注释说明了已弃用的代码。
Guidance is appreciated. 指导表示赞赏。
[Please note that while this has been flagged as a potential duplicate of PHP - Does session_unset unregister $_SESSION vars? [请注意,尽管已将其标记为可能的PHP副本-session_unset是否注销$ _SESSION变量? , I have to disagree, the suggested post asks what the function does, while my question is asking for the proper way to handle a scenario. ,我不得不不同意,建议的帖子询问该函数的功能,而我的问题是询问处理场景的正确方法。 ] ]
2 个解决方案
解决方案1
2 已采纳 2019-08-19 11:48:27
session_destroy() function: It destroys all of the data associated with the current session. session_destroy() function:销毁与当前会话关联的所有数据。 It does not unset any of the global variables associated with the session, or unset the session cookie. 它不会取消设置与该会话关联的任何全局变量,也不会取消设置会话cookie。
Note: If it's desired to kill the session, also delete the session cookie.
session_unset() function: It deletes only the variables from session and session still exists. session_unset() function:它仅从会话中删除变量,并且会话仍然存在。 Only data is truncated. 仅数据被截断。
You can visit this link for more information and find out what you really need. 您可以访问此链接以获取更多信息,并了解您真正需要什么。
You can also see the examples describe here 您还可以在此处查看描述的示例
解决方案2
1 2019-08-19 11:45:54
the session_unset() function is used to destroy a single session variable. session_unset()函数用于销毁单个会话变量。 but session_destroy() function destroys the whole php session. 但是session_destroy()函数破坏了整个php会话。 So in your case it is better to use session_destroy() . 因此,在您的情况下,最好使用session_destroy() 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.