 

Best way to completely destroy a session - even if the browser is not closed

Tags: php

Is it enough to

```php
session_start();   //  Must start a session before destroying it

if (isset($_SESSION)) {
    unset($_SESSION);
    session_unset();
    session_destroy();
}
```

when the user selects Log out from a menu, but does not quit his browser? I want to totally remove all existence of the session and $_SESSION.

Mawg says reinstate Monica asked Oct 16 '10 08:10




1 Answer

According to the manual, there's more to do:

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

The manual link has a full working example on how to do that. Stolen from there:

```php
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>
```
Pekka answered Sep 21 '22 04:09
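To confirm the logout on the server side, the following added example (not part of the original answer or the PHP manual) simulates three requests from the PHP CLI and shows whether the data stored under a session ID is still there when the same ID is presented again after logout. It assumes the default files session handler; the helper names `logout()` and `replay_after_logout()`, the session ID and the `alice` value are constructed for illustration.

```php
<?php
// Added example (CLI): does the old session id still carry data after logout?
ini_set('session.use_cookies', '0');      // no browser here, so no cookie header
ini_set('session.use_strict_mode', '0');  // accept the constructed id below
ini_set('session.save_path', sys_get_temp_dir());

// The sequence from the answer above, wrapped in a hypothetical helper.
function logout(): void
{
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

function replay_after_logout(): array
{
    $sid = bin2hex(random_bytes(16));     // constructed session id

    // Request 1: login stores data under $sid.
    session_id($sid);
    session_start();
    $_SESSION['user'] = 'alice';          // constructed sample value
    session_write_close();

    // Request 2: the user clicks "Log out".
    session_id($sid);
    session_start();
    $before = $_SESSION;
    logout();

    // Request 3: the same id is presented again (browser never closed).
    session_id($sid);
    session_start();
    $after = $_SESSION;
    session_destroy();                    // clean up the empty session

    return array('before' => $before, 'after' => $after);
}

$r = replay_after_logout();
echo 'before logout: ', json_encode($r['before']), PHP_EOL;
echo 'after logout:  ', json_encode($r['after']), PHP_EOL;
```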