How do you implement the website account cancellation function?

Source: Internet
Author: User
Tom encountered some problems when using PHP to log out website users.
I searched for sessions, cookies, and demo instances on the Internet, but I still have problems that I cannot solve by myself.
Now the only place I can ask for help is sf, hoping to solve it. ^_^
The specific problems are summarized as follows:
1) The process or concept of website logon and cancellation is unclear.

2) The concept of logon and logout is as follows:
User logon -> write user data to session -> determine the session on the relevant page
User logout -> (question: should session data be destroyed or cookie be deleted)

3) The cookie variable is successfully destroyed.
In this way, Xiao Bai writes the cookie destruction code:
Static methods in a Cookie class

    public static function deleteAll() {
        foreach($COOKIE as $key => $val) {
            setcookie($key, '', -31536000, '/', 'http://site.cn/', false, true);
        }
        return true;
    }

After writing the method, I tried to call it and checked it using Chrome. The request header showed that the previously set variable is still
Asking for help: if anyone sees this problem,
I hope you can stop for a moment and leave your valuable experience behind.
Thank you again for your support.

Reply content:

First, understand what a session is and what a cookie is.

Assume that you are a VIP user. The following is a website browsing, logon, and logout process (simulated)

1. When you open the website, PHP sends a cookie to the browser (just as if you used $_COOKIE['phpsessid'] = '4ioqo3m1udlr514n5krsdn1o55';) to mark the current user. The session content on the server is {logined: false; role: visitor; money: 0; lasttime: 2012122100000000;}

2. When you browse the pages of this website, the server must determine who you are and then return the corresponding content to you. For example, are you a common user? Or a VIP user? Or the administrator? Or a super administrator? The browser is very responsible. Every request to the server carries all the cookies, such as the cookie of your purchase history and the cookie of the advertisement site (this is also the reason that cookies cannot be too large, as they increase the server pressure). The server then knows that the session_id of your request is 4ioqo3m1udlr514n5krsdn1o55. "I see, it was you. You were just looking for me. I will return your VIP image to you right away..."

3. Then, you have a surplus recently. To buy something, you need to log on (because it is a VIP, no login discount). When logging on, you enter the user name, password, and the like. The verification is successful. If the server wants to save your current logon status, the login status will be stored in a file (the default is the /tmp directory, which can be modified with session.save_path in php.ini); of course, it can also be stored in a database and other media... After a rummaging: you are the 4ioqo3m1udlr514n5krsdn1o55. Now you are logged on. Okay, let's add a status to it. Therefore, your corresponding session is {logined: true; role: vip; money: 10000000000; lasttime: 20121221000000;} and so on.

4. After you log on, you start searching, comparing, purchasing, and other activities. The server is not idle. She is busy comparing your interaction time (when the user last refreshed or requested a page) with the session.gc_maxlifetime value in php.ini. If the time is over, she deletes your session and you are logged out automatically. The server does not care whether you are a VIP or an administrator. Of course, she also has her good moods, which depends on the probability... In php.ini you can set session.gc_probability = 100 and session.gc_divisor = 100; this 100% is also a problem: the server is very busy, constantly scanning sessions and deleting sessions...

5. After purchasing the product, your Internet time is up and you want to exit the website. So you click "exit". In this case, the website program uses session_destroy() to destroy the session content of your 4ioqo3m1udlr514n5krsdn1o55.

6. Browsers often complain to the server: "Buddy, your id is too simple and easy to crack. I often get caught out." The server said, "Well, well, I have added a token." And the browser said with a wry smile, "The token is also the session id, although it is encrypted." The server said that it is still good to increase the difficulty of cracking, and then changes the session_id (the id is changed every time you access...)... This is another long article...

All in all

The PHP login/logout function uses a combination of cookies and sessions. The cookie is used to mark the session id, and the session stores status and other content. The session is not secure, but it is a good "best" experience... Do not put the session on the client, and add an HttpOnly cookie.

Supplementary example


  user or password wrong.

'; } }?>

The logon/logout function uses session. The session can be stored on the client.
Of course, the session function is used.

Take the CI framework as an example:
First, write a session to the browser, add a specific piece of encryption information for security, and then write session information such as 'id' in plaintext. You can simply destroy the 'id' item when logging out.
Note: The encrypted information must be related to each item in the session to prevent ID forgery.

In this case, you should destroy the session instead of the cookie.
To destroy a session, you only need to call the session_destroy() function.

We recommend that you read this article about the relationship between sessions and cookies and how to use them:
http://www.cnblogs.com/phphuaibei/archive/2011/11/15/2250082.html

There is also a video tutorial here that explains it well: http://www.php100.com/html/shipinjiaocheng/PHP100shipinjiaocheng/2009/0416/827.html

If session is used as a cookie, the cookie will be destroyed during cancellation.
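
Added example, not part of the original thread or any poster's code: a logout that destroys the server-side session and then expires the session cookie. A browser only overwrites a cookie when name, path and domain match the values it was set with, and the domain argument takes a bare host name, not a URL like the 'http://site.cn/' in the question. The names expire_cookie, login_user and logout_user and the user_id session key are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; requires PHP 7.3+ for the setcookie() options array.

// Expire one cookie. Path and domain must equal the values used when the
// cookie was set, and the domain is a bare host name ('' = current host),
// never a URL such as 'http://site.cn/'.
function expire_cookie(string $name, string $path = '/', string $domain = ''): bool
{
    unset($_COOKIE[$name]);               // hide it from the rest of this request
    return setcookie($name, '', [
        'expires'  => time() - 3600,      // absolute timestamp in the past
        'path'     => $path,
        'domain'   => $domain,
        'httponly' => true,
    ]);
}

// Call after the password check succeeds.
function login_user(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);          // new ID at login; old session is deleted
    $_SESSION['user_id'] = $userId;       // 'user_id' is an assumed key name
}

// Logout: remove the server-side session, then expire the session cookie.
function logout_user(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                       // clear data loaded for this request
    $p = session_get_cookie_params();     // path/domain the session cookie uses
    session_destroy();                    // delete the session from storage
    expire_cookie(session_name(), $p['path'], $p['domain']);
}
```

logout_user() has to run before any output is sent, because setcookie() writes a response header.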
