1

我开始创建一个登录系统,该系统利用 cookie 实现“记住我”功能。一切正常,但是我在用户注销时无法删除 cookie。

如果用户未选中“记住我”框并成功登录即未创建 cookie,则注销功能按预期工作并加载登录框。

如果他们不执行后者并且用户单击注销按钮,则 cookie 将保留并显示他们仍在登录。

如果有人能阐明为什么 cookie 不会删除,我将不胜感激。

下面是我正在使用的代码:

在用户尝试登录后运行的 PHP 代码:

// If the form has been submitted
if(isset($_POST['login'])):

    // Protect from unwanted code/string context
    $username = strip_tags(addslashes(trim($_POST['username'])));
    $string = strip_tags(addslashes(trim($_POST['password'])));
    $remember = strip_tags(addslashes(trim($_POST['remember'])));

    // Pass the returned variables from functions to a local versions
    $password = salting($string);   // Salt Password Preperation
    $link = db_connect();           // DB connection

    // Connect to the database and try to find a login match
    $result = mysqli_query($link,"SELECT * FROM web_users WHERE username='".$username."' AND password='".$password."'");
    $row    = mysqli_fetch_object($result);

    // Create erronous results if submitted data is invalid
    if (mysqli_num_rows($result) !== 1):
        $errmsg[0] = "Invalid Username or Password, please re-try";
    endif;

    $e_login = serialize($errmsg);

    // If validation passes then continue
    if (!$errmsg):
        // Increment the login_count field by 1
        $row->login_count++;
        $count = $row->login_count;

        // Retrieve the date for admin purposes
        $date = date('Y-m-d-h:i:s'); // Y=year (4 digits) m=month (leading zero) h=hour i=minutes s=seconds

        // Salt Password Preperation
        $string = session_id();
        $login_id = salting($string);

        // Connect to the database and update the related row
        $update = mysqli_query($link,"UPDATE web_users
                                      SET login_count='".$count."',
                                          login_last='".$date."',
                                          login_id='".$login_id."',
                                          logged='1'
                                      WHERE id='".$row->id."'")

                                      or die(mysqli_error($link));

        // Create a multi-dimensional session array
        $_SESSION['login'] = array('user'       => $row->display_name,
                                   'id'         => $row->id,
                                   'user_level' => $row->user_level);

        if($remember == 1):
            setcookie("login_user",session_id(),time() + (86400*7)); // 604800 = 1 week
        endif;

        // Free the memory and close the connection
        mysqli_free_result($result);
        mysqli_close($link);

        // Take the user to the successive page if no errors
        header("location: /");
    endif;
endif;

用于创建注销元素的 HTML 代码:

<a href="/logout" title="Logout">
    <img src="<? echo ASSETS . IMAGES . ICONS . GENERAL; ?>logout.png" alt="User Logout">
</a>

用户注销时运行的 PHP 代码:

function logout() {
    // Load the db connect function to pass the link var
    $link = db_connect();

    if(is_array($_SESSION['login'])):
        // Update the logged field to show user as logged out
        $update = mysqli_query($link,"UPDATE web_users SET logged='0' WHERE id='".$_SESSION['login']['id']."'") or die(mysqli_error($link));

        // Free the memory and close the connection
        mysqli_free_result($update);
        mysqli_close($link);

        // Unset all of the session variables.
        $_SESSION = array();

        // If it's desired to kill the session, also delete the session cookie.
        // Note: This will destroy the session, and not just the session data!
        if(isset($_COOKIE[session_name()])):
            setcookie(session_name(), '', time()-7000000, '/');
        endif;

        // Finally, destroy the session.
        session_destroy();

        // Take the user to the successive page if no errors
        header("location: /");
    endif;
}
4

3 回答 3

7

用户在使用记住我复选框登录到您的站点时,将拥有两个cookie。默认情况下会话 cookiePHPSESSID和记住我 cookie login_user。为了删除会话,您只需使用以下代码删除会话 cookie:

    if(isset($_COOKIE[session_name()])):
        setcookie(session_name(), '', time()-7000000, '/');
    endif;

问题是,除此之外,您还需要使用以下代码取消设置记住我的 cookie。

    if(isset($_COOKIE['login_user'])):
        setcookie('login_user', '', time()-7000000, '/');
    endif;
于 2012-12-13T15:37:36.793 回答
1

要删除 cookie,您应该将过期日期设置为过去:

setcookie('login_user', '',time() - 3600);

您有此规则,但显式添加了路径参数,尽管您在设置 cookie 时没有使用路径,这可能是问题所在。

于 2012-12-13T15:23:17.740 回答
1

我会冒险猜测您的代码

 if(isset($_COOKIE[session_name()])):
      setcookie(session_name(),'',time()-7000000,'/');
 endif;

是你的问题。很可能isset返回错误。如果可能,我会将其从if声明中删除。

此外,如下评论中所述。你用了session_start()吗?上面的代码中没有引用它。这将导致session_name()返回空。

于 2012-12-13T15:23:49.647 回答