我使用这个函数来创建一个sign in会话和cookie
function startSession($time,$ses) {
session_set_cookie_params($time,'/','.domain.com',false,true);
// if I use www.domain.com the session won't start and the user won't be able to sign in
session_name($ses);
if(session_id() == '') {
session_start();
}
if (isset($_COOKIE[$ses]))
setcookie($ses, $_COOKIE[$ses], time() + $time, "/");
}
登录页面在头部
包含以下代码ini_set('session.cookie_lifetime',99999999);
ini_set('session.gc_maxlifetime',99999999);
ini_set('session.use_trans_sid', false);
ini_set('session.use_only_cookies' , true);
if(session_id() == '') {
session_start();
}
如果凭证是正确的,我调用函数
startSession($time = '99999999', $ses = 'mySession');
并将值添加到数组
$_SESSION['mySession'][0] = 'value1';
$_SESSION['mySession'][1] = 'value2';
然后将用户重定向到头部
中包含此代码的索引页startSession($time = '99999999', $ses = 'mySession');
登出页面包含以下代码
session_start();
unset($_SESSION['mySession']);
session_destroy();
unset($_COOKIE['mySession']);
setcookie('mySession', null, -999999999, '/');
$_SESSION['mySession'] = array();
$_SESSION['mySession'][0]=' ';
$_SESSION['mySession'][1]=' ';
session_regenerate_id(true);
然后用户再次被重定向到索引页,但注销过程不起作用,用户再次自动登录。是什么让用户在取消会话和cookie后再次登录?
登录和注销有一个很简单的解决方案。
登录:<?php
# Firstly:
session_start();
# Suppose authentication is successful and you have a user array...
# $user = array('id' => 5, 'name' => 'Rayn', 'email' => 'xyz@gmail.com');
# Now you want to log that user in.
$_SESSION['user'] = $user;
# Now if I want to add the cookie.
setcookie('user', $user, time()+3600*24*30, '/');
# It is time() + 30 Days.
# Now check in your protected pages...
if (!empty($_COOKIE['user'])) {
$_SESSION['user] = $_COOKIE['user'];
}
#and focus your concentration on the session.
if (empty($_SESSION['user])) {
// Redirect him to the login page.
}
?>
注销:
<?php
# Firstly:
session_start();
unset($_SESSION['user']);
setcookie('user', NULL, time() - 3600*24, '/');
# It is actually time() - 24 Hours.
# You have wrote only -[some time value]. Which is a negative time.
?>