How does the great God realize the function of website account logout?

Source: Internet
Author: User
Small white today with PHP to do the site user logoff function encountered some problems
Find the session, cookies, and some demo instances online, or encounter problems that cannot be solved by yourself
Now the only place to ask for help is SF, hoping to be solved, ^_^
The specific problems encountered, self-summary has 3 points:
1), the overall process of logging in or out of the website, or the concept of unclear

2), small white The current concept of login, write-off is this:
User Login----write user data to session-> related pages to determine session
User Logoff--(question: Should I destroy the session's data or a cookie?)

3) in the process of destroying the cookie variable, actually the wood has been destroyed successfully
Small white is the code that writes the destruction cookie:
A static method in a cookie class

public static function DeleteAll () {    foreach ($

After the method is written, try calling it, using Chrome, the request header finds that the previously set variable is still
Ask for help if the great God sees this problem
I hope you can stop your footsteps and leave your valuable experience.
First of all, thank you for your great God, O (∩∩) o ... Haha, ^^

Reply content:

Small white today with PHP to do the site user logoff function encountered some problems
Find the session, cookies, and some demo instances online, or encounter problems that cannot be solved by yourself
Now the only place to ask for help is SF, hoping to be solved, ^_^
The specific problems encountered, self-summary has 3 points:
1), the overall process of logging in or out of the website, or the concept of unclear

2), small white The current concept of login, write-off is this:
User Login----write user data to session-> related pages to determine session
User Logoff--(question: Should I destroy the session's data or a cookie?)

3) in the process of destroying the cookie variable, actually the wood has been destroyed successfully
Small white is the code that writes the destruction cookie:
A static method in a cookie class

public static function DeleteAll () {    foreach ($

After the method is written, try calling it, using Chrome, the request header finds that the previously set variable is still
Ask for help if the great God sees this problem
I hope you can stop your footsteps and leave your valuable experience.
First of all, thank you for your great God, O (∩∩) o ... Haha, ^^

First understand what the session is, what is a cookie

Assuming that you are a VIP user, here is a web browsing, login, logout process. (simulated)

1, when you open the website, PHP sends a COOKIE to the browser (just like you used $_cookie[' phpsessid ') = ' 4ioqo3m1udlr514n5krsdn1o55 ';) Used to mark the current user. The server corresponding session content is {logined:false;role:visitor;money:0;lasttime:2012122100000000;}

2, when you browse the pages of this site, the server to determine who you are, you can return to the corresponding content. For example, is it a regular user? or a VIP user? Or is it an administrator? The browser is conscientious, each request to the server will bring all the cookies, such as the history of the purchase of cookies, advertising point of the cookie and so on (this is not too big reason for cookies, increase the pressure on the server), the server will know your request session_id is 4ioqo3m1udlr514n5krsdn1o55, thought, originally is you, just also looked for me, I immediately returned you a VIP diamond picture to you ...

3, then, you recently have a surplus, want to buy something, to login (because it is VIP, not login no discount). login, enter the user name, password, and so on, verify through, the server to save your current login status, the login status will be stored on a file (default is/tmp directory, Can be modified in php.ini Session.save_path), of course, can also be stored in the database and other media ... After a rummage, originally you are just 4ioqo3m1udlr514n5krsdn1o55 ah, now in the login, OK, give you add a state up. So, your session is {logined:true;role:vip;money:10000000000;lasttime:20121221000000;} and so on.

4, after you log in, you start to search, compare, purchase and other activities. The server is not busy. She's busy comparing your interaction values (whether the user refreshed the requested page) or not (PHP.ini's SESSION.GCmaxlifetime value), and if it's done, delete your session, You are automatically logged out. The server does not matter whether you are a VIP or an administrator, quite overbearing. Of course, temper also has a good time, it depends on the probability ... PHP.ini can set Session.gcprobability=100, session.gc_pisor=100, such 100% is also problematic, the server is very busy, to constantly scan session, delete session ....

5, after the purchase of things, the internet time, to quit the site, so you point out the "exit". At this time, the website program uses Session_destroy () to automatically destroy the current session content of your 4ioqo3m1udlr514n5krsdn1o55

4, the browser often complain to the server, man, you this ID is too simple, easy to be cracked, I often blame AH. The server said, well, well, I'll add another token, the browser has a wry smile, said token is also seesion ID good, although it is encrypted. The server said, add points to crack the difficulty is also good, and then change session_id (each visit to change the ID ...) .... This is another long-length ...

Word

PHP Login/Logout is a combination of cookies and sessions. A cookie is used to mark the session ID, session storage status, and so on. The session is not secure, just a better "best" experience ... session do not put the client, The cookie adds an HTTP only.

Supplementary examples

user:password:<?php    exit;    } Auth::check () End.endif;echo ' login success ', ' logout '. Php_eol;

The login/Logoff function uses the session. The session can be present on the client.
Of course, the session function is used.

Take the CI framework as an example:
Write a session to the browser, and at the end, add a specific piece of encrypted information for security, and then write the session information in clear text such as ' ID '. When you log off, destroy the ' ID ' item.
Note: The encryption information is related to each item in the session and prevents the forgery of ID.

Your situation should be to destroy the session, not the cookie.

Destroy the session as long as the call: Session_destroy () function is available.

It's like a session. If the session uses a cookie, the cookie is also destroyed when you log off

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.