1

我知道这里有一个相同的问题但接受的答案说这是一个带有补丁的错误,但链接却另有说明。该链接说这是预期的行为,而不是错误。

问题中的其他答案正是我试图做的。

$variableToPreserve = $_SESSION['foo'];

session_destroy();
session_start();

// At this point in the debugger, all previous session variables are still 
// in the session anyway, making me think the session has not been destroyed yet.

$_SESSION['foo'] = $variableToPreserve;

下一个请求:

session_start();
// This line errors as 'foo' is not in the session.
$var = $_SESSION['foo'];

我唯一的猜测是,在该请求完成之前,会话实际上并没有被破坏。我可以保留它的唯一方法是保留所有会话变量,但实际上我需要销毁会话并且只'foo'设置。

4

3 回答 3

1

会话是通过 cookie 处理的——所以(我猜)这应该是预期的行为。

您可以手动取消设置会话变量中的所有值:

foreach ($_SESSION as $k => $v) {
    unset($_SESSION[$k]);
}

而不是调用:

session_destroy();
session_start();

这将有效地为您清除会话。

于 2013-08-01T11:12:08.377 回答
1

您的会话销毁代码与 PHP 手册提供的代码不同,例如:

http://php.net/manual/en/function.session-destroy.php

// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();

你可以测试一个演示: http: //phpfiddle.org/lite/code/2vi-r9a

于 2013-08-01T11:12:24.727 回答
1

我为您检查了代码,这就是我看到的行为。

session_start();
$_SESSION['foo'] = 1;

$variableToPreserve = $_SESSION['foo'];

session_destroy();
session_start();

// At this point, the session variable is indeed destroyed, as is evident from the error that the next line throws.

echo $_SESSION['foo'];

$_SESSION['foo'] = $variableToPreserve;

echo $_SESSION['foo'];

// The above line echoes 1
于 2013-08-01T11:15:36.223 回答