PHP $_SESSION variable will not unset

Sorry for a repetitive question, I've seen a few of these on this forum but none of the responses worked for me...

I am building a basic login using PHP sessions, which I'm new at...

login.php validates the HTML login form and begins a session, setting variables: $_SESSION['login'] and $_SESSION['id'], then each page that requires a valid login uses require 'session.php'; which checks the $_SESSION['valid'] variable and redirects a user w/o proper login variable. The problem is when I log out neither session variable I've set will unset.

Right now my logout.php file uses about every method to destroy the variables that I've been able to find online and none will actually do it.

So whenever I log out, I can still access the 'private' pages.

Also note: I have tried it w/o a session name, ex: session_start(); that didn't work so now I'm using session_start("user");

Also note: I am NOT using cookies.

Here are the files I mentioned:


login.php


$email=$_POST['email-log']; $pass=$_POST['password-log'];

$i=-1;

do
{$i++; $path="users/".$i.".json";
$file=  file_get_contents($path);
$x=json_decode($file,true);
} while($x['email']!=$email);
$id=$i;
$truepass=$x['pass'];

$errors=0;
$hash=hash('sha256',$pass);
if($hash != $truepass){$errors=$errors+1;}

if($errors==0){
        session_start("user");
        $_SESSION['login']="valid";
        $_SESSION['id']=$id;

    header('Location: loginlanding.php');}

else{header('Location: front.php?error=y');}

session.php


session_start("user");
if($_SESSION['login'] !== "valid") {header('Location: front.php?needto=login');}

logout.php


unset($_SESSION);
unset($_SESSION['login']);
unset($_SESSION['id']);
session_unset("user");
$_SESSION=array();
session_destroy("user");
header('Location: front.php?logged=out');

Any and all responses are welcome and I thank you in advance. Also note, I am new to logins in general so any advice to beef up security is welcome also. I'm planning on making it more secure, but first I need to get this basic functionality up and running.

You should never unset($_SESSION).

The easiest way to clear the $_SESSION variable is $_SESSION = Array();

However, you can also iterate with unset:

foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);

It's amazing how many things you're attempting to do after you've unset the only reference you had to the session in the first place. Directly from the manual:

Caution

Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal.

http://php.net/manual/en/function.session-unset.php

You're unsetting $_SESSION so your unsets to the other arrays of the super global $_SESSION aren't registering, leaving them still in the browser's temporary cookies. Use session_unset() instead if you're trying to remove all session variables. Otherwise, don't unset the session global, but unset each individual value of it you want to remove.

My working example (notice that you must put start on the call)

<?php
    session_start();
    session_unset();
    session_destroy();
    header('location: ./');
?>
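
An added example, not part of the original question or answers: one way to structure the session lifecycle discussed in this thread, with a guard that stops execution after redirecting and a logout that clears the data, expires the session ID cookie and destroys the session. The function names are hypothetical; front.php and the 'login' / 'id' keys are taken from the question, and PHP 7 or later is assumed.

```php
<?php
// Added example; function names are hypothetical. front.php and the
// 'login' / 'id' session keys are the ones used in the question.

function begin_session(): void
{
    // session_start() takes no session name; call session_name() before it
    // if a custom name is wanted.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

function mark_logged_in(int $id): void
{
    begin_session();
    session_regenerate_id(true);   // new session ID at login, old one deleted
    $_SESSION['login'] = 'valid';
    $_SESSION['id'] = $id;
}

function require_login(): void
{
    begin_session();
    if (($_SESSION['login'] ?? null) !== 'valid') {
        header('Location: front.php?needto=login');
        exit;   // without exit the protected page below still runs
    }
}

function logout(): void
{
    begin_session();               // the session must be open before it can be destroyed
    $_SESSION = [];                // clear the data; never unset($_SESSION) itself

    // Expire the session ID cookie so the browser stops sending the old ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    session_destroy();             // delete the session data on the server
    header('Location: front.php?logged=out');
    exit;
}
```

Each protected page would call require_login() before producing any output, and logout.php would only call logout().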
