Modx Pagelocker注销

Question

我创建了一个被Pagelocker锁定的页面。这是完美的工作，但现在我需要一个注销链接/按钮。所以我做了一个链接，链接到一个logout.php。在这个logout.php中有以下代码：

<?php
     session_start();
     unset($_SESSION);
     session_destroy();
     session_write_close();
     header("Location: /login.html");
     die;
     exit;
?>

它会将我重定向到登录，但当我手动转到受保护的页面时，它会在没有登录的情况下显示。用于保护页面和启动会话的代码为：

<?php
/**
 *
 * PageLocker
 *
 * Simple front-end password protection for individual or groups of pages.
 *
 * @ author Aaron Ladage (mods by Bob Ray)
 * @ version 1.1.0-beta1 - June 21, 2012
 *
 * PLUGIN PROPERTIES
 * &tvPassword - (Required) The TV for the password (default: 'pagePassword')
 * &tvPasswordGroup - The TV for the password group (default: 'pagePasswordGroup'). Not required, but a good idea, unless you want all password-protected pages to be accessible with the same password.
 * &formResourceID - (Required) The ID of the password form page (no default set, but absolutely necessary -- the plugin will not work without it)
 *
**/
/* @var $modx modX */
/* @var $scriptProperties array */
if (!function_exists("toForm")) {
    /* Show Login form */
    function toForm($resourceId) {
        global $modx;
        unset($_SESSION['password']);  // make sure password is not still set
        if ($modx->resource->get('id') != $resourceId) { // prevent infinite loop
            $modx->sendForward($resourceId);
        }
    }
}
// Get the default plugin properties
$tvPassword = $modx->getOption('tvPassword',$scriptProperties,'pagePassword');
$tvPasswordGroup = $modx->getOption('tvPasswordGroup',$scriptProperties,'pagePasswordGroup');
$formResourceID = $modx->getOption('formResourceID', $scriptProperties);
// Get the password and password group values from the page's template variables
$resourcePW = $modx->resource->getTVValue($tvPassword);
$resourceGroup = $modx->resource->getTVValue($tvPasswordGroup);
/* Do nothing if page is not password-protected, or the form page is not set in the properties */
if ((empty($resourcePW)) || (empty($formResourceID))) { 
    return;
}
// Set additional defaults
$resourceGroup = empty($resourceGroup) ? 0 : $resourceGroup;
$groups = isset($_SESSION['groups'])? $modx->fromJSON($_SESSION['groups']) : array();
/* Get and sanitize the password submitted by the user (if any) */
$userPW = isset($_POST['password'])? filter_var($_POST['password'], FILTER_SANITIZE_STRING) : ''; 
if (!empty($userPW)) { /* Form was submitted */
    if ($userPW == $resourcePW) { /* password matches the page's password */
        /* Set the logged in and groups session */
        $_SESSION['loggedin'] = 1;
        if (! in_array($resourceGroup, $groups)) {
            $groups[] = $resourceGroup;
            $groupsJSON = $modx->toJSON($groups);
            $_SESSION['groups'] = $groupsJSON;
        }
        return;
    } else { // Doesn't match. Back to the form!
        toForm($formResourceID);      
    }
}  else { // Form wasn't submitted, so check for logged in and groups sessions 
    if ( empty($groups) || ! isset($_SESSION['loggedin']) || (! $_SESSION['loggedin'] === 1) || (! in_array($resourceGroup, $groups))) {
        toForm($formResourceID);
  } 
}

我真的需要你的帮助。

Answer 1

正如文档中所解释的，除了调用session_destroy来完全清除会话之外，还需要做更多的事情。

if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(), 
        '', 
        time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

session_destroy();