![](/img/trans.png)
[英]PHP Session ( $_SESSION[ ] ) is working even destroy the session
[英]My Session reappears In PHP even after destroy
我有一個登錄網頁,用戶可以在其中登錄。然后將該頁面重定向為一個臨時頁面,即loginvalidte.php。 該頁面將用戶數據保存在Session中,並將請求轉發到index.php頁面,其中包含一些用戶數據,並且還具有一個注銷按鈕,該按鈕重定向到login.php
簡而言之,
login.php - For user to enter username and password
loginvalidate.php - Session values are initialized
index.php - Dashboard page with logout button
這是我的頁面:
的login.php
<!DOCTYPE html>
<?php
//session_unset();
session_destroy();
$_SESSION = array();
$authError='false';
if($_GET['AuthCheck']=='failed'){
$authError='true';
}
if($_GET['Expired']=='true'){
$sessionexpire='true';
}
//print_r ($_SESSION);
foreach($_SESSION as $key => $val)
{
unset($_SESSION[$key]);
}
//unset($_SESSION["InfraUser"]);
//unset($_SESSION["InfraPassword"]);
$_SESSION["InfraUser"]='';
$_SESSION["InfraPassword"]='';
$_SESSION = NULL;
print_r($_SESSION);
?>
<html >
<head>
<meta charset="UTF-8">
<title>One click Infra</title>
<link rel="stylesheet" href="loginstyle/css/style.css">
</head>
<body>
<html>
<html>
<head>
<meta charset="UTF-8">
<title>Login Form</title>
<script src="loginstyle/js/prefixfree.min.js"></script>
</head>
<body>
<div id="logo">
<h1><i> One Click Infra</i></h1>
</div>
<section class="stark-login">
<form action="loginvalidate.php" method="post">
<?php if($authError=='true'){ ?>
<div id="fade-box">
<p>Authentication Failed. Please Login Again</p>
</div>
<?php }
else if ($sessionexpire=='true'){ ?>
<div id="fade-box">
<p>Session Expired. Please Login Again</p>
</div>
<?php }?>
<div id="fade-box">
<input type="text" name="username" class="form-control" placeholder="Username" required="" />
<input type="password" name="userpassword" class="form-control" placeholder="Password" required="" />
<div hidden>
<input type="text" name="authorize" class="form-control" placeholder="Authorize" value="on"/>
</div>
<button>Log In</button>
</div>
</form>
<div class="hexagons">
<img src="http://i34.photobucket.com/albums/d133/RavenLionheart/NX-Desktop-BG.png" height="768px" width="1366px"/>
</div>
</section>
<div id="circle1">
<div id="inner-cirlce1">
<h2> </h2>
</div>
</div>
<ul>
<li></li>
<li></li>
<li></li>
<li></li>
<li></li>
</ul>
<script src='http://codepen.io/assets/libs/fullpage/jquery.js'></script>
<script src="loginstyle/js/index.js"></script>
</body>
</html>
<script src="loginstyle/js/index.js"></script>
</body>
</html>
loginvalidate.php
<?php
session_start();
$User = $_POST["username"];
$Password = $_POST["userpassword"];
include('/opt/lampp/htdocs/oneclickinfra/Net/SSH2.php');
$ssh = new Net_SSH2('10.41.66.73');
if (!$ssh->login('centos', 'centos')) {
exit('OCI Server Is Down. Please send mail to performance@snapdeal.com');
}
/////////////////////////////////////////////////////////////////////////////////////////////
if ($_POST['authorize']){
$command0 = 'curl --request POST "http://gitlab.snapdeal.com/api/v3/session?login='.$User.'&password='.$Password.'"';
$req_data0 = $ssh->exec($command0);
if (strpos($req_data0,'Unauthorized')!==false){
header("Location: login.php?AuthCheck=failed");
}
else{
$_SESSION["InfraUser"] = $User;
$_SESSION["InfraPassword"] = $Password;
print 'Data here is: '.$_SESSION["InfraUser"].' and '.$_SESSION["InfraPassword"];
//sleep(10);
header("Location: index.php");
}
}
////////////////////////////////////////////////////////////////////////////////////////////
?>
index.php的一部分:
<?php
session_start();
$User = '';
$Password = '';
print_r($_SESSION);
if(!isset($_SESSION['InfraUser'])){
//if($_SESSION['InfraUser']===''){
header("Location: login.php?AuthCheck=failed");
}
else{
$User = $_SESSION["InfraUser"];
$Password = $_SESSION["InfraPassword"];
}
//////////////////////////////////// Maintains Session Only for 30 Minutes ///////////////////////
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 3600)) {
// last request was more than 30 minutes ago
//session_unset(); // unset $_SESSION variable for the run-time
//session_destroy(); // destroy session data in storage
header("Location: login.php?Expired=true");
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
//////////////////////////////////////////////////////////////////////////////////////////////////
$chefApiFetchAuthCheck = $_GET["chefApiFlavorFetchAuthenticationError"];
問題是當我按注銷時,它將重定向到login.php頁面,該頁面將清除所有會話變量,因為我沒有通過在login.php頁面上打印會話數組來獲取任何數據。 但是,當我直接在index.php上進入該站點時,仍然可以獲得我的用戶會話值。
請幫助,因為如果用戶在點擊注銷后直接輸入index.php,我想將用戶重定向到loginPage。
您應該在header("Location: login.php?Expired=true");
之后die()
header("Location: login.php?Expired=true");
因為$_SESSION['LAST_ACTIVITY']
仍然被設置,即使您被重定向。
對於您遇到的錯誤,您只能銷毀現有的運行會話。 但是似乎@avenged_badger擊敗了我。
您需要在login.php的開頭調用session_start()
。 這就是為什么您看不到$_SESSION
變量以及為什么不將其重置的原因。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.