问题
In the login.php i check if everething is ok and if its i creat the session and redirect the user
$success = $dbh->prepare("SELECT UserId FROM users WHERE username =:username
AND password=:password");
$success->bindParam(':username', $username);
$success->bindParam(':password', $password);
$success->execute();
$rowSuccess = $success->fetch();
$user_id = $rowSuccess['userid'];
$_SESSION['user_id'] = $user_id;
$_SESSION['loggedIn'] = 1;
So how to destroy the user session when i delete him if he is still logged in
回答1:
As soon as you call on session_destroy() your $_SESSION['user_id'] and $_SESSION['loggedIn'] will cease to exist. So when the user refreshes the page, have an if condition to check for the userId and call
if(!isset($_SESSION['userId'])) { //if the session variable for this doesn't userId exist
print "Sorry, no recognized account";
}
EDIT:
This sounds more like an AJAX solution since you wanna do some action immediately when the user is deleted. In your JavaScript set up an ajax request that calls the PHP script performing this delete action. Then, when the action is completed, alert the user and take him/her to a different page using window.location. To summarize
$.ajax({
url:"deleteUser.php",
cache:false,
success:function(data){
alert("Sorry you have been deleted. Re-routing to home page");
window.location="homepage.php";
}
});
回答2:
You can fetch user data from database on every request, if user doesn't exist or is inactive you can destroy session.
回答3:
It sounds like session_destroy() is what you may want.
Note this from the session_destroy() docs, though:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
来源:https://stackoverflow.com/questions/9560022/destroy-session-after-user-is-deleted-but-still-logged-in