Menu
I have read many php tutorials for logout scripts, i am wondering what could be the proper way to logout from a session!
Script 1
<?php session_start(); session_destroy(); header("location:index.php"); ?> Script 2
<?php session_start(); session_unset(); session_destroy(); header("location:index.php"); ?> Script 3
<?php session_start(); if (isset($_SESSION['username'])) { unset($_SESSION['username']); } header("location:index.php"); ?> Is there any more effective way to do this?? A session can always be created by logging back in, so should i bother about use of session_destroy() and use unset($_SESSION['variable']) instead? which one of the above 3 script is more preferable?
800
A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable. <?
php session_start(); /*This is the equivalent of login.
It can be done by clicking on the logout button or by destroying that session after a fixed time. By default the expiry time of any particular session that is created is 1440 secs i.e. (24*60) i.e. 24 minutes. But in some cases, we need to change the default time accordingly.
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie. When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers.
From the session_destroy() page in the PHP manual:
<?php // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start(); // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (ini_get("session.use_cookies")) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } // Finally, destroy the session. session_destroy(); ?> Personally, I do the following:
session_start(); setcookie(session_name(), '', 100); session_unset(); session_destroy(); $_SESSION = array(); That way, it kills the cookie, destroys all data stored internally, and destroys the current instance of the session information (which is ignored by session_destroy).
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
