我有一个基本的登录系统。基本登录/注销功能如下:cookies不被删除
function login() {
global $page;
if ($_COOKIE['adminUser'] == adminUser && $_COOKIE['adminPass'] == adminPass):
$_SESSION['adminLogin'] = true;
redirect($_SERVER['REQUEST_URI']);
elseif ($_POST['adminUser'] == adminUser && $_POST['adminPass'] == adminPass):
setcookie('adminUser', $_POST['adminUser'], time() + 60 * 60 * 24 * 7);
setcookie('adminPass', $_POST['adminPass'], time() + 60 * 60 * 24 * 7);
$_SESSION['adminLogin'] = true;
redirect($_SERVER['REQUEST_URI']);
else:
$page->content->table = new template('admin/login.tpl');
// it shows the login form
endif;
}
function logout() {
$_SESSION['adminLogin'] = false;
setcookie('adminUser', false, time() - 60*100000);
setcookie('adminPass', false, time() - 60*100000);
redirect(pathApp);
}
redirect($x)
是header("Location: $x"); die;
。
在整个剧本的任何地方都没有设置其他的COOKIES。
问题是注销功能不起作用。我试图通过Firebug进行调试,看看有哪些头文件正在发送,并且对我来说一切似乎都没问题。这里是萤火虫的登出日志:
Response Headers
HTTP/1.1 200 OK
Date: Fri, 15 Apr 2011 18:48:57 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: adminUser=deleted; expires=Thu, 15-Apr-2010 18:48:56 GMT
adminPass=deleted; expires=Thu, 15-Apr-2010 18:48:56 GMT
Content-Length: 1041
Connection: close
Content-Type: text/html
Request Headers
GET /freeads/admin/logout HTTP/1.1
Host: clienti.bsorin.ro
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://clienti.bsorin.ro/freeads/admin
Cookie: adminUser=q; adminPass=q; PHPSESSID=22faf6e20467b88d97dc7838572cbd47
该脚本是在http://clienti.bsorin.ro/freeads/admin。用户名和密码都设置为'q'。
谢谢!
请勿使用相对时间值来删除Cookie。它假设客户的时钟是准确的,但情况并非总是如此。要删除cookie,请始终使用固定的“古代”日期,如Jan 1/1970 00:00:01。并且请告诉我,您不在该cookie中存储用户名/密码...请请告诉我您不是。 – 2011-04-15 18:58:57
@Marc:此时我在COOKIE中存储用户名/密码。不要担心,但它绝对不是最终的。我以为'time() - 60'实际上是在发送服务器时间( - 60)。我尝试了它像'setcookie('adminUser',false,1)'但仍然没有运气。 – 2011-04-15 19:04:24