(PHP) How to destroy the session cookie correctly?

前端 未结 3 803
我在风中等你
我在风中等你 2020-11-28 15:02

I\'m trying to correctly log out of an admin user. Here is my function:

function logout()
{
    $_SESSION = array(); //destroy all of the session variables
          


        
相关标签:
3条回答
  • 2020-11-28 15:30

    If you really want to cover all bases try doing:

    setcookie (session_id(), "", time() - 3600);
    session_destroy();
    session_write_close();
    

    That should prevent further access to the session data for the rest of PHP execution. The browser may still show the cookie being set however the $_SESSION super will be blank

    0 讨论(0)
  • 2020-11-28 15:36

    Maybe your problem is not the cookie, but the browser showing a cached version of your admin page. Could that be? If it disappears when you hit F5, it's probably that. This can be sorted by setting the right cache-control headers.

    Check out this SO question on the issue of how to set caching. The question is about exactly the other way round (forcing browsers to cache) but you'll figure out what to change to turn caching off.

    0 讨论(0)
  • 2020-11-28 15:51

    Just a tip for others who are having issues expiring session cookies:

    PHP - why can't I get rid of this session id cookie?

    Always use session_get_cookie_params() as in the answer to the question in the link above.

    0 讨论(0)
提交回复
热议问题