Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is this a proper way to destroy all session data in php?

Tags:

php

session

Got it from php.net, but I am not sure is this how everybody destroy all sessions?

// Unset all Sessions
$_SESSION = array();

if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time() -42000, '/');
}

    session_destroy();

Does the code will destroy all the sessions?? Is it the most common way? how do you guys destroy php sessions?

Oh yeah, btw, what is that session_name()? All session name? e.g $_SESSION['var1'], $_SESSION['var2'], ... ?

I dont need to use unset($_SESSION['var1']); any more right?

Whats the different between using session_destroy() and unset($_SESSION[])?

like image 913
bbtang Avatar asked Aug 04 '09 07:08

bbtang


People also ask

Which methods are used to start and destroy the session?

PHP session_destroy() function is used to destroy all session variables completely. session_start();

Which PHP function is used to remove all the session variables?

Description ¶ The session_unset() function frees all session variables currently registered.

What is PHP session how they are created and destroyed?

Session in PHP is a way of temporarily storing and making data accessible across all the website pages. It will create a temporary file that stores various session variables and their values. This will be destroyed when you close the website.

Which method is used to remove all session variables?

Which function is used to erase all session variables stored in the current session? Explanation: The function session_unset() frees all session variables that is currently registered.


2 Answers

You should first know what sessions are: You can consider sessions as a data container on the server side that’s associated with a random identifier, the session ID. That session ID needs to be provided by the client so that the server can load the data associated to that session ID (and thus to that session) into the $_SESSION variable. Everything in that $_SESSION variable is also called session variables of the current active session.

Now to your questions:

Does the code will destroy all the sessions?? Is it the most common way? how do you guys destroy php sessions??

The provided code just deletes the session data of the current session. The $_SESSION = array(); statement will simply reset the session variable $_SESSION so that a future access on the session variable $_SESSION will fail. But the session container itself is not deleted yet. That will be done by calling session_destroy.

See also Truly destroying a PHP Session?

Oh yeah, btw, what is that session_name()?? All session name? e.g $_SESSION['var1'], $_SESSION['var2']... ?

The session_name is just used to identify the session ID parameter passed in a cookie, the URL’s query or via a POST parameter. PHP’s default value is PHPSESSID. But you can change it to whatever you want to.

I dont need to use unset($_SESSION['var1']); any more right???

No. The initial $_SESSION = array(); deletes all the session data.

Whats the different between using session_destroy and unset($_SESSION[])??

session_destroy will delete the whole session container while unset or resetting the $_SESSION variable will only delete the session data for the current runtime.

like image 108
Gumbo Avatar answered Sep 20 '22 01:09

Gumbo


This only destroys the current users session, not all the other users session.

Try using the session_save_path() to find out where the session data is being stored, and then delete all the files there.

like image 23
Marius Avatar answered Sep 19 '22 01:09

Marius