What does session_destroy() do in PHP?

Question

In PHP manual, the description for session_destroy() function is :

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

I am confused about this description. If this function destroys all session data, then why the global variables associated with the session are not unset? Why can we use the session variables again?

Answer 1

I am confused about this description. If this [session_destroy()] function destroys all session data, then why the global variables associated with the session are not unset? Why can we use the session variables again?

Session data is the data associated with the session. The session is defined by its name (the session name) and its id (the session id).

By using that function, all this sessions (name + id) data is destroyed.

The variable container which allowed you to read / set that data is still there, so you can operate on that data (e.g. there might be information in like last activity and this is a logout and you want to store the last activity know at logout or so into some logs or database, so why delete it? that would be counter productive because you want to destroy (or commit) sessions fast, e.g. when you know read-only access is needed only, keep the session data in memory, but commit the session already because there is no need to keep it open).

Keep in mind that even these variables are access via $_SESSION they are not part of the session any longer. Perhaps that is the confusing part?

BTW my description is not totally correct. PHP internally identifies the session data by the id only so you could change the session name and session_destroy() would still remove the session data because the session id has not changed.