PHP session reset button_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-02 19:23 出处：网络

i want a button on my website that reads reset, and when clicked the session gets resetted? any 开发者_JAVA技巧ideas? What i mean by resetted is just clears the session, so i want a html button that w

相关专题：php

Create a form that contains two things: 1) a hidden var that contains the current URL 2) a button that, when pressed, directs the user to a page that clears the session

on the second page, clear the session and then, using the $_POST information from the form, redirect the user back to the page they were on.

To destroy the session:

session_start(); // if it's not already started.
session_unset();
session_destroy();

This button would submit a form to a PHP script that does this:

session_start();
session_destroy();

// Typically, after doing this you will redirect the user
// to the home page with something like:
header('Location: index.php');

That's all there is to it.

Don't be confused by the "submit a form" part -- you don't need to have anything in the form apart from the button.

Easy way (which is almost 100% safe): Use javascript to remove the cookie (most of the time PHPSESSID)

Bit more complicated way (which is far more safe): Use PHP to unset $_SESSION (so the user cannot do anything with the PHPSESSID anymore, to prevent hijacking) and then unset or regenerate $_COOKIE['PHPSESSID'] (or session_regenerate_id).

This is from the PHP manual for session_destroy:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

It first resets all session data (so it can't be used later in the same page load), before removing the session cookie and lastly destroying the session which wil erase the data file from disk.