Clicking link should expire the session

Developer https://www.devze.com 2023-02-12 07:08 Source: Internet
I have a link like <a href="some link">Click</a>. Now, clicking this link should make the session expire, i.e., using session_destroy().


It is strongly advisable to avoid this type of operation in order to avoid CSRF attacks.

For example, you create a link that points to http://site.come/logout. Then I grab the URL and make an image with its source set to the mentioned URL.

<img src="http://site.come/logout"/>

Now, on any other webpage, when a user from your site is exposed to this image, he will be automatically logged out from your system.

I would suggest using POST.

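<?php
    session_start(); // resume the current session before any output is sent
    if (isset($_POST['logout'])) {
        session_destroy(); // only a POST carrying the logout field ends the session
    }
?>

<form method="post">
    <input type="submit" name="logout" value="Logout"/>
</form>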


<!--in the index.php page-->

<a href="logout.php">Logout</a>


<!--in the logout.php page-->

<?php
session_start(); //to ensure you are using same session
session_destroy(); //destroy the session
header("location:http://localhost/moon/index.php"); 
//to redirect back to "index.php" after logging out
exit();
?>


Try the following code.

Suppose you have a page session_expr.php

<?php

if (isset($_GET['expire'])) {
    session_start();
    session_destroy();
}

?>
<a href="session_expr.php?expire">Destroy session</a>

With this you are sending expire with the GET method to the same page when the link is clicked. Once you have expire in the GET variables, the PHP code will execute the session_destroy() function.
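
The POST-based logout suggested in the first answer, as an added example that is not part of the original thread. It goes beyond that answer by also requiring a per-session token, because a POST can be submitted from another site as well; the file name logout.php and the csrf_token field name are assumptions.

```php
<?php
// logout.php (added example; file name and the 'csrf_token' field are assumptions)
session_start();

// One random token per session, embedded in the logout form below.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

/** True only for a POST that carries this session's token. */
function is_valid_logout(string $method, array $post, array $session): bool
{
    return $method === 'POST'
        && isset($post['csrf_token'], $session['csrf_token'])
        && is_string($post['csrf_token'])   // reject csrf_token[]=... arrays
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

if (is_valid_logout($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)) {
    $_SESSION = [];                          // clear data held in this request
    if (ini_get('session.use_cookies')) {    // expire the session cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                       // remove the server-side session data
    header('Location: index.php');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    http_response_code(403);                 // POST without a valid token
    exit('Invalid logout request');
}
?>
<!-- A GET request (a link or an <img> tag) only renders this form; it never ends the session. -->
<form method="post" action="logout.php">
    <input type="hidden" name="csrf_token"
           value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES) ?>">
    <input type="submit" name="logout" value="Logout">
</form>
```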
