proper way to logout from a session in PHP

Question

I have read many php tutorials for logout scripts, i am wondering what could be the proper way to logout from a session!

Script 1

<?php session_start(); session_destroy(); header("location:index.php"); ?> 

Script 2

<?php session_start(); session_unset(); session_destroy(); header("location:index.php"); ?> 

Script 3

<?php session_start(); if (isset($_SESSION['username'])) {     unset($_SESSION['username']); } header("location:index.php"); ?> 

Is there any more effective way to do this?? A session can always be created by logging back in, so should i bother about use of session_destroy() and use unset($_SESSION['variable']) instead? which one of the above 3 script is more preferable?

Answer 1

From the session_destroy() page in the PHP manual:

<?php // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start();  // Unset all of the session variables. $_SESSION = array();  // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (ini_get("session.use_cookies")) {     $params = session_get_cookie_params();     setcookie(session_name(), '', time() - 42000,         $params["path"], $params["domain"],         $params["secure"], $params["httponly"]     ); }  // Finally, destroy the session. session_destroy(); ?> 

Answer 2

Personally, I do the following:

session_start(); setcookie(session_name(), '', 100); session_unset(); session_destroy(); $_SESSION = array(); 

That way, it kills the cookie, destroys all data stored internally, and destroys the current instance of the session information (which is ignored by session_destroy).