session is not destroyed

醉梦人生 2021-01-27 06:55

I have this file

secure.php

session_start();
if(empty($_SESSION['u_name'])) {
    header("Location:emprego.php");
}

if(isset($_GET['logout'])) {
         


        
5 answers
  • 2021-01-27 07:31

    If you're using session cookies, also try expiring the session cookie explicitly, like this:

    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params["path"], $params["domain"],
            $params["secure"], $params["httponly"]
        );
    }
    

    Also, going back in the browser only loads a cached copy of the page. If you tried interacting with the cached page to fetch a new page from the server, you shouldn't be able to proceed.

  • 2021-01-27 07:32

    All the other solutions didn't seem to work for me. However, this workaround did the trick. Basically, the code below keeps calling the logout until the logout finally succeeds:

    if (isset($_GET["logout"])){
        if (isset($_SESSION["username"])) {
            unset($_SESSION["username"]);
            session_destroy();
            header("Location:/?logout=true");
            exit;
        }
        header("Location:/");
        exit;
    }
    
  • 2021-01-27 07:35

    http://nl2.php.net/manual/en/function.session-destroy.php

    Take a look at example 1 here. It clearly states that you have to clear $_SESSION as well.

    if(isset($_GET['logout'])) {
        unset($_SESSION['u_name']); // unsets that variable, so it no longer exists
        session_destroy();
        header("Location:emprego.php");
        exit; // stop the script so nothing else runs after the redirect
    }
    
  • 2021-01-27 07:36

    I recently found header_remove(); http://php.net/manual/en/function.header-remove.php

        Caution: This function will remove all headers set by PHP, including cookies, session and the X-Powered-By headers.
    

    Not sure whether this is the appropriate way to do it, but it's pretty effective for log out functionality.

  • 2021-01-27 07:38

    Your browser keeps a copy of the page in cache. When you click the back button, you are seeing the local cached copy, not the current page from the server. If your security is set up properly, you will not be able to do anything meaningful from that cached page.

    It is for this reason that secure websites (bank sites, for example) tell you to log off and clear your cache (or close the browser) after you log out.

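The points raised in the answers above (clearing `$_SESSION`, expiring the session cookie, and the cached copy behind the Back button), combined into one hardened `secure.php`. This is an added example, not code from the original thread or from any poster. It assumes cookie-based sessions and that `emprego.php` is the login page; the helper function names are hypothetical.

```php
<?php
// Added example: a hardened secure.php. Page names and the u_name key are
// taken from the question; the helper function names are hypothetical.

// Send no-store/no-cache headers with every session page. 'nocache' is PHP's
// default limiter; it is set explicitly in case php.ini changed it.
session_cache_limiter('nocache');
session_start();

// Remove the session everywhere: request data, client cookie, server storage.
function destroy_session(): void
{
    $_SESSION = [];                          // clear data for this request

    if (ini_get('session.use_cookies')) {    // expire the browser's cookie
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params['path'], $params['domain'],
            $params['secure'], $params['httponly']
        );
    }

    session_destroy();                       // delete the server-side data
}

// Redirect and stop. Without exit the script keeps running, and the rest of
// the protected page is still sent in the body of the redirect response.
function redirect_and_exit(string $url): void
{
    header('Location: ' . $url);
    exit;
}

if (isset($_GET['logout'])) {
    destroy_session();
    redirect_and_exit('emprego.php');
}

// Checked on every request, so a cached copy reached with the Back button
// cannot be used to fetch anything new once the session is gone.
if (empty($_SESSION['u_name'])) {
    redirect_and_exit('emprego.php');
}
?>
<p>Protected content for <?= htmlspecialchars($_SESSION['u_name'], ENT_QUOTES, 'UTF-8') ?></p>
```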