How to destroy a specific PHP session

佛祖请我去吃肉 2021-01-06 14:53

I am looking for insights into how to destroy a specific session in PHP. Through a partner website a user logs into the main website using a token and obtains a full session

3 answers
  • 2021-01-06 15:14

    The database solution means that the session database needs to be shared between mainwebsite and the partner site, which frequently isn't the case etc. Maybe something along these trivial lines would suffice?

    <img src="mainwebsite/logout.php">
    

    mainwebsite/logout.php:

    <?php session_start(); // session_destroy() needs an active session
    session_destroy(); ?>
    
  • 2021-01-06 15:22

    If you wish to be able to 'kick' the sessions of a user(s), the only way you can do it is if you use MySQL (or some other db, sqlite even) for your session storage.

    Then you can simply remove entries from the db to kill a session.

    This also allows you to do things such as, 'take control' of a specific user's session and other stuff :)

    See this for a very basic run through: http://www.devshed.com/c/a/MySQL/Custom-Session-Management-Using-PHP-and-MySQL/ (not the best example but good enough full example to start you).

    EDIT

    Also, if logging out through the partner site, another method I have used in the past (which was with O2 and other such sites) they were given a 'callback' (REST API call in most cases) which they would also need to call when the user logs out of their site.

  • 2021-01-06 15:35

    There's no need to roll-your-own session handling.

    session_id() can take a parameter, the session id you want to work with.

    So, when you pass the user off to the partner site, pass along their session_id (or some token, or whatever).

    Then allow the partner site to hit a script like this:

    kill-user-session.php

    <?php
    /**
     * Destroy any active session identified by $_POST['sid']
     */
    session_id($_POST['sid']);
    session_start(); //this line may not even be necessary
    session_destroy(); //destroys that session.
    

    So when the user logs out on the partner site, the partner site POSTs the session_id (that you gave them) to your kill-user-session script, and the user's session is destroyed on your server.

    Of course, you probably want to limit access to kill-user-session.php via some method or another.

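One way to limit access to a script like kill-user-session.php, as the last answer recommends; this is an added example (PHP 7.4+), not code from any of the answers. The `ts` and `sig` fields, the HMAC scheme and the `PARTNER_LOGOUT_SECRET` environment variable are assumptions made for illustration.

```php
<?php
// Added example (not the answerer's code). Assumes a shared secret in the
// PARTNER_LOGOUT_SECRET environment variable (hypothetical name) and a partner
// that POSTs sid, ts (Unix time) and sig = hex HMAC-SHA256 of "sid|ts".
declare(strict_types=1);

const MAX_SKEW_SECONDS = 300; // requests outside this time window are refused

function isAuthenticLogout(string $sid, string $ts, string $sig, string $secret, int $now): bool
{
    // PHP's built-in ID generator only emits these characters, 22 to 256 long.
    if (!preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $sid) || !ctype_digit($ts)) {
        return false;
    }
    if (abs($now - (int) $ts) > MAX_SKEW_SECONDS) {
        return false;
    }
    $expected = hash_hmac('sha256', $sid . '|' . $ts, $secret);
    return hash_equals($expected, $sig); // constant-time comparison
}

function destroySessionById(string $sid): void
{
    session_id($sid);                    // select the target session
    session_start(['use_cookies' => 0]); // open it without sending a cookie to the caller
    $_SESSION = [];
    session_destroy();                   // remove its data from the session store
}

if (PHP_SAPI === 'cli') {
    // Constructed sample request so the check can be exercised offline.
    [$secret, $sid, $ts] = ['constructed-demo-secret', str_repeat('a', 26), (string) time()];
    $sig = hash_hmac('sha256', $sid . '|' . $ts, $secret);
    var_dump(isAuthenticLogout($sid, $ts, $sig, $secret, time()));                // correctly signed
    var_dump(isAuthenticLogout($sid, $ts, str_repeat('0', 64), $secret, time())); // forged signature
    exit(0);
}

$field = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
$secret = (string) getenv('PARTNER_LOGOUT_SECRET');
if ($secret === '' || !isAuthenticLogout($field('sid'), $field('ts'), $field('sig'), $secret, time())) {
    http_response_code(403);
    exit;
}
destroySessionById($field('sid'));
http_response_code(204);
```

A replayed request inside the time window can only destroy a session that is already gone, so the endpoint stays idempotent.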