首先我们看一下PHP手册中关于PHP删除Cookie的说明
bool setcookie ( string name [, string value [, int expire [, string path [, string domain [, bool secure]]]]] )
要删除 cookie 需要确保它的失效期是在过去,才能触发浏览器的删除机制。下面的例子说明了如何删除刚才设置的 cookie: 例子 2. setcookie() 删除
例子
// 将过期时间设为一小时前
setcookie("TestCookie", "", time() - 3600);
setcookie("TestCookie", "", time() - 3600, "/~rasmus/", ".utoronto.ca", 1);
PHP删除Cookie的方法就是把这个cookie的有效期设置为当前时间以前,这也是几乎所有PHP程序员都会这么做。
后来一个初接触PHP的朋友告诉我,他在程序中本想把一个cookie的值设置为空,结果导致这个cookie直接被删除。我当时的第一反应是不相信,于是测试了一下
setcookie("testcookie", '');
print_r($_COOKIE);
结果果然是整个$_COOKIE数组都是空的,而非仅仅$_COOKIE['testcookie']为空.于是用winsock抓包,观察返回的http头,发现http头竟然是Set-Cookie: testcookie=deleted; expires=Mon, 18-Jun-2007 02:42:33 GMT。这说明setcookie("testcookie", '');的的确确是将testcookie这个cookie直接删除.而关于这种情况在PHP手册中完全没有说明.
最后阅读PHP删除Cookie源码,终于发现真相(这就是开源的好处了,有什么不清楚的内幕直接查源码)
以下PHP删除Cookie代码可以在PHP5.20的linux源码包中ext/standard/head.c第99行附近找到.
<ol class="dp-xml"> <li class="alt"><span><span>if (value && </span><span class="attribute">value_len</span><span> == 0) { </span></span></li> <li><span>/* </span></li> <li class="alt"><span>* MSIE doesn't delete a cookie when <br>you set it to a null value </span></li> <li><span>* so in order to force cookies to be <br>deleted, even on MSIE, we </span></li> <li class="alt"><span>* pick an expiry date 1 year and 1 <br>second in the past </span></li> <li><span>*/ </span></li> <li class="alt"> <span>time_t </span><span class="attribute">t</span><span> = </span><span class="attribute-value">time</span><span>(NULL) - 31536001; </span> </li> <li> <span class="attribute">dt</span><span> = </span>PHP<span class="attribute-value">_format_date</span><span>("D, d-M-Y H:i:s <br>T", sizeof("D, d-M-Y H:i:s T")-1, t,<br> 0 TSRMLS_CC); </span> </li> <li class="alt"> <span>sprintf(cookie, "Set-Cookie: <br>%</span><span class="attribute">s</span><span>=</span><span class="attribute-value">deleted</span><span>; </span><span class="attribute">expires</span><span>=%s", name, dt); </span> </li> <li><span>efree(dt); </span></li> <li class="alt"><span>} else { </span></li> <li> <span>sprintf(cookie, "Set-Cookie: %</span><span class="attribute">s</span><span>=%s", <br>name, value ? encoded_value : ""); </span> </li> <li class="alt"> <span>if (expires </span><span class="tag">></span><span> 0) { </span> </li> <li> <span>strcat(cookie, "; </span><span class="attribute">expires</span><span>="); </span> </li> <li class="alt"> <span class="attribute">dt</span><span> = </span>PHP<span class="attribute-value">_format_date</span><span>("D, d-M-Y H:i:s T", <br>sizeof("D, d-M-Y H:i:s T")-1, <br>expires, 0 TSRMLS_CC); </span> </li> <li><span>strcat(cookie, dt); </span></li> <li class="alt"><span>efree(dt); </span></li> <li><span>} </span></li> <li class="alt"><span>} </span></li> </ol>
源码中清清楚楚的显示,if (value && value_len == 0) ,当value_len为0时
sprintf(cookie, "Set-Cookie: %s=deleted; expires=%s", name, dt);
会发送PHP删除Cookie的http头给浏览器.最后我们可以得出结论,在PHP中使用
setcookie($cookiename, '');或者 setcookie($cookiename, NULL);
都会实现PHP删除Cookie,当然这些手册中并没有。