
PHP cookie handling - right way? (login/logout)

I am working on a 3rd party PHP server that does the following:

When a user logs in:

ini_set("session.name","APPSESSID");
session_start();

When a user logs out:

unset( $_SESSION['user'] );
unset( $user );
session_destroy();

The problem is that on logout, APPSESSID is not actually deleted at the client browser. It gets a different value on logout (it seems it becomes what is known as an anonymous cookie).

This is causing problems because I have a web sockets API that is checking if the UA sends the APPSESSID cookie in its connect request, and this cookie is being sent by the client even after it logs out of the PHP app, as the cookie doesn't really get deleted, just rewritten.

How do I ensure the cookie is actually deleted on logout?

Thanks

As the documentation says:

If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
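
A complete logout routine built around the snippet above, together with a server-side check that tests login state instead of cookie presence. This is an added example, not code from the original posts. The function names `app_logout()` and `app_session_is_logged_in()` are hypothetical, and the check assumes the web sockets endpoint can read the same PHP session store.

```php
<?php
const APP_SESSION_NAME = 'APPSESSID'; // session name used in the question

// Hypothetical helper: end the session on the server and in the browser.
// Call it before any output is sent, because setcookie() emits a header.
function app_logout(): void
{
    // The session must be open under the same name before it can be destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_name(APP_SESSION_NAME);
        session_start();
    }
    $_SESSION = []; // drop all session data, not only $_SESSION['user']

    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Path and domain must match the values the cookie was set with,
        // otherwise the browser keeps the original cookie.
        $options = [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ];
        if (!empty($p['samesite'])) {
            $options['samesite'] = $p['samesite'];
        }
        setcookie(session_name(), '', $options); // options array needs PHP 7.3+
    }
    session_destroy(); // remove the session record on the server
}

// Hypothetical helper: a cookie being present proves nothing, so look up
// the session it names and test for the login marker.
function app_session_is_logged_in(): bool
{
    if (empty($_COOKIE[APP_SESSION_NAME])) {
        return false; // no cookie: do not create a fresh session
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_name(APP_SESSION_NAME);
        session_start(['read_and_close' => true]); // read only, release the lock
    }
    return isset($_SESSION['user']);
}
```

Checking `$_SESSION['user']` on the server keeps the connect request safe even when a browser still sends a stale or anonymous `APPSESSID` value.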
