
session_destroy not unsetting the session_id

I am working on an online ticket booking system where, after making a successful booking (after payment), I want to clear the session id. But the thing is I am not able to clear it, although I have used session_destroy() to destroy the session.

NB: I have echoed the session_id to check if it's reset or not.

URL: http://7sisters.in/7sislabs/

function book_final_tickets()
{

    //var_dump($_SESSION);
    $session_id = session_id();


    $sql = "
        UPDATE
            tbl_seat_book
        SET
            final_book = 'Y'
        WHERE
            session_id = '$session_id'
    ";


    //session_unset();

    if($r = $this->db->executeQuery($sql)){
        if(session_destroy()){
            unset($session_id); 
            echo 'Booking successfull';
        }
    }
}
AssamGuy asked Dec 27 '11 06:12



3 Answers

session_destroy() alone won't remove the client-side cookie, so the next time the user visits, they'll still have the same session id set (but their server-side session info will have been destroyed).

From the docs (emphasis mine):

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. ... In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted.

You can use session_regenerate_id(true) to generate a new session ID and delete the old one. Note that this will keep all of the information in $_SESSION as part of the new session ID, so you still need to use session_destroy if you want to clear the session info and start fresh.

e.g.

<?php
    session_start();    
    $_SESSION['blah'] = true;

    var_dump(session_id()); // q4ufhl29bg63jbhr8nsjp665b1
    var_dump($_SESSION);    // blah = true

    session_unset();
    session_destroy();
    setcookie("PHPSESSID", "", 1); // See note below
    session_start();
    session_regenerate_id(true);

    var_dump(session_id()); // gigtleqddo84l8cm15qe4il3q3
    var_dump($_SESSION);    // (empty)
?>

and the headers will show the session ID changing on the client-side:

Request Header
Cookie:PHPSESSID=q4ufhl29bg63jbhr8nsjp665b1

Response Header
Set-Cookie:PHPSESSID=deleted; expires=Mon, 27-Dec-2010 16:47:57 GMT
PHPSESSID=gigtleqddo84l8cm15qe4il3q3; path=/

(You can get away without the setcookie() call here, since you're creating a new session anyway, so the cookie will be overwritten by the new ID, but it's good practice to explicitly destroy the old cookie).

Rich Adams answered Oct 19 '22 18:10


After destroying the session with session_destroy(), this worked for me:

setcookie('PHPSESSID',"",time()-3600,'/');

The key for me was setting the path to '/'. That was the only way to really destroy the cookie.

Steven answered Oct 19 '22 19:10
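
The two answers above combine into one teardown routine: destroy the server-side session, then expire the cookie using the same name, path and domain it was issued with. This is an added example, not code from either answer; `end_session_and_start_fresh()` is a hypothetical name, and the options-array form of `setcookie()` assumes PHP 7.3 or later.

```php
<?php
// Added example. Must run before any output is sent, because it emits
// Set-Cookie headers.
function end_session_and_start_fresh(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Clear the in-memory data, then delete the server-side record.
    $_SESSION = [];
    session_destroy();

    // 2. Expire the client cookie. A browser only discards a cookie when
    //    name, path and domain match the one it holds, so read them from
    //    the running configuration instead of hard-coding "PHPSESSID"
    //    and "/".
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        $options = [
            'expires'  => 1,              // one second past the epoch
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ];
        if (!empty($p['samesite'])) {
            $options['samesite'] = $p['samesite'];
        }
        setcookie(session_name(), '', $options);
    }

    // 3. The request still carries the old ID, so a plain session_start()
    //    would adopt it again. Regenerate to issue a new ID and delete
    //    the session file that was just re-created under the old one.
    session_start();
    session_regenerate_id(true);

    return session_id();
}
```

In the booking flow from the question, this would be called once the UPDATE has succeeded and before the confirmation text is echoed.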


Call session_id before session_start, and set session_id manually.

Example 1: same session_id will be used

<?php
session_start();

echo session_id(); //4ef975b277b52

session_destroy();

session_start();

echo session_id();  //4ef975b277b52
?>

Example 2: set session_id manually (called before session_start())

<?php
session_id(uniqid()); 
session_start();

echo session_id(); //4ef975d3d52f5  (A)

session_destroy();


session_id(uniqid());
session_start();

echo session_id();  //4ef975d3b3399 (B)
?>

(A) != (B), so you can set session_id manually, see http://php.net/manual/en/function.session-id.php for more information.

Another solution: don't use session_id(), just create a new session array:

<?php
$_SESSION['booked'] = false;

if($r = $this->db->executeQuery($sql))
{
    $_SESSION['booked'] = true;
    echo 'Booking successfull';
}
?>
Zul answered Oct 19 '22 17:10