为什么会话ID在PHP中的会话中持续存在？

Question

请考虑以下代码:

<?php
    if (!session_id())
        session_start();
    echo session_id();
    session_destroy();
?>

为什么我每次刷新此页面时都会显示相同的会话ID,即使每次会话都被销毁并重新创建？在会话销毁时是否清除了会话ID？

编辑:

我已经根据最喜欢的答案使用了这个更新的代码 - 但是,会话ID仍然存在!有任何想法吗？

if (!session_id())
        session_start();
echo session_id();

// Unset all of the session variables.
$_SESSION = array();


// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();

Answer 1

session_destroy()销毁与当前会话关联的所有数据.它不会取消设置与会话关联的任何全局变量,也不会取消设置会话cookie.要再次使用会话变量,必须调用session_start().

为了完全终止会话,比如要将用户注销,还必须取消设置会话ID.如果使用cookie来传播会话ID(默认行为),则必须删除会话cookie.setcookie()可能会用于此.

http://php.net/manual/en/function.session-destroy.php

该手册附带一个代码示例:

示例#1使用$ _SESSION销毁会话

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

**更新**

PHP Version 5.3.6-13 Linux lime 3.0.0-1-686-pae#1 SMP Wed Aug 17 04:28:34 UTC 2011 i686

Apache/2.2.19(Debian)

会话设置(phpinfo)

Directive           Local Value         Master Value
session.auto_start          Off         Off
session.bug_compat_42           Off         Off
session.bug_compat_warn         Off         Off
session.cache_expire            180         180
session.cache_limiter           nocache         nocache
session.cookie_domain           no value            no value
session.cookie_httponly         Off         Off
session.cookie_lifetime         0           0
session.cookie_path         /           /
session.cookie_secure           Off         Off
session.entropy_file            no value            no value
session.entropy_length          0           0
session.gc_divisor          1000            1000
session.gc_maxlifetime          1440            1440
session.gc_probability          0           0
session.hash_bits_per_character         5           5
session.hash_function           0           0
session.name            PHPSESSID           PHPSESSID
session.referer_check           no value            no value
session.save_handler            files           files
session.save_path           /var/lib/php5           /var/lib/php5
session.serialize_handler           php         php
session.use_cookies         On          On
session.use_only_cookies            On          On
session.use_trans_sid           0           0

更新

所以.以下设置会导致同样的问题.if,并且只有当我将会话id作为请求参数locahost时才会发送？PHPSESSID =无论如何

ini_set('session.auto_start', 'on');
ini_set('session.use_trans_sid', 'on');
ini_set('session.use_cookies', 'off');
ini_set('session.use_only_cookies', 'off');

if(!session_id())
  session_start();

echo session_id();
// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();

重要提示: 此设置对于会话劫持[ 会话固定 ] 很有价值