How to properly kill sessions in zend framework?

Question

This is how I set sessions

$this -> sess = new Zend_Session_Namespace('user');
$this -> sess -> username = "Bob";
$this -> sess -> admin = "1";

And this is how I kill it

setcookie("mycookiename",md5(rand(10,1200)),time() - (60 * 60),"/",".site.com");
$_SESSION = array();
session_destroy();
$this -> _redirect('/');

but it still keeps the $this->sess->admin as '1' ... username is gone but admin stays as one. What's the correct way to delete ALL sessions associated with the client?

If I do

$this->sess->admin = 0;

Then it works, but I doubt this is the right way for each session variable that i hold.

I also tried

setcookie("mycookiename",md5(rand(10,1200)),time() - (60 * 60),"/",".site.com");
Zend_Session::namespaceUnset($this->sess);

and it didn't work, it didn't close any sessions.

Answer 1

To delete ALL sessions associated with the client use this:

\Zend_Session::destroy( true );

This will delete the entire session and also send a header request to the client to remove any cookies associated with the session. You can alternatively set the parameter of this method to false to not delete the user cookies. But please note:

Zend_Session::destroy(true) must either be called before PHP has sent HTTP headers, or output buffering must be enabled. It will destory all of the persistent data associated with the current session. However, no variables in PHP are affected, so your namespaced sessions (instances of Zend_Session_Namespace) remain readable.

To remove these use the following approach:

$ns = 'auth'
$namespace = new \Zend_Session_Namespace( $ns );
$namespace->unsetAll();

Please see here for further information

Answer 2

To destroy particular session do

Zend_Session::namespaceUnset('user');

Answer 3

You can use

Zend_Session::destroy($remove_cookie = true, $readonly = true);

See the manual