Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

php - Removing Expired Sessions

This is my first time posting. I believe I've searched through a bit of the other forums to see if my question has already been asked, but I'm still left scratching my head. I know there's a lot of postings about expired sessions, but I'm thinking in terms of a specific scenario, I guess.

A user is logged into the Dashboard and goes to a page. It sits idle for however long, then the garbage collector does its thing and clears the session.

Now, if the user goes back to the Dashboard and clicks to go to another page, I would like to have the user return to the index page - effectively log out.

I have a logout page that the user can go to when they choose to log out. I record some data in the database, remove the session and redirect back to the home page.

I would like to first check if the session is indeed alive. If not, destroy it and redirect to the home page. Otherwise, delete it.

But my question is, if the garbage collector had already cleared the session, do I even need to destroy it?

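<?php

  session_start( );

  if( !isset( $_SESSION['session'] ) ) {
     // No login data in the session: clean up and send the user home
     session_destroy( );
     header( "Location: /index.php" );
     exit;   // stop here so nothing else runs after the redirect
  }
  else {

     // ... log the data I need in the database ...

     // Clear the login data held in the session
     $_SESSION['session'] = array( );

     // Expire the session cookie in the browser
     if( ini_get( "session.use_cookies" ) ) {
       $params = session_get_cookie_params( );
       setcookie( session_name( ), '', time( ) - 42000,
                  $params["path"], $params["domain"],
                  $params["secure"], $params["httponly"] );
     }

     session_destroy( );
     header( "Location: /index.php" );
     exit;   // stop here so nothing else runs after the redirect
  }

?>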
question from:https://stackoverflow.com/questions/65937099/php-session-count-increases-always


1 Reply


session_start() and session_destroy() aren't working with the garbage collector the way you think they are. They're utilizing internal adapters to allow PHP to talk to a persistence layer (generally the filesystem, in this case, the browser's cookies), to extract session information.

What you're doing when you call session_destroy() is instructing your session ADAPTER to destroy the session, not so much PHP. PHP garbage collects the session memory usage constantly, but still maintains a reference to the adapter's persistence of the session data.

So, yes, you have to call it, unless you destroyed it already.
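
An added example, not part of the original question or answer: a guard for the top of each Dashboard page that treats the session as dead when the login marker is missing or the user has been idle too long, so the result does not depend on when session garbage collection happens to run. `IDLE_LIMIT`, `last_activity`, `session_is_alive()` and `end_session()` are assumed names, and the login code is assumed to set `$_SESSION['last_activity']` alongside `$_SESSION['session']`.

```php
<?php
// Added example: enforce the idle timeout in the application rather than
// waiting for the session garbage collector, which only runs
// probabilistically (session.gc_probability / session.gc_divisor).

const IDLE_LIMIT = 1800; // allowed seconds of inactivity (assumed value)

function end_session(): void
{
    $_SESSION = [];                       // drop the data loaded for this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the session cookie in the browser
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // remove the stored session data
}

function session_is_alive(array $session, int $now): bool
{
    // Alive = login marker present and the last request was recent enough.
    return isset($session['session'], $session['last_activity'])
        && ($now - $session['last_activity']) <= IDLE_LIMIT;
}

session_start();

if (!session_is_alive($_SESSION, time())) {
    // Covers both cases: the stored data was already collected (so
    // $_SESSION is empty) or it still exists but has been idle too long.
    end_session();
    header('Location: /index.php');
    exit;
}

$_SESSION['last_activity'] = time();      // record activity for the next request

// ... protected Dashboard page continues here ...
```

Keeping `IDLE_LIMIT` at or below `session.gc_maxlifetime` ensures the application check, not the collector, decides when a login ends.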

