Why Session object destruction failed

Question

I get "Session object destruction failed" when I use session_destroy().

session_start();
if(isset($_SESSION['user_id'])){    
    $_SESSION=array();
    if(isset($_COOKIE[session_name()])){
        setcookie(session_name(),'',0,"/");
    }
    session_destroy();
}

What causes this error?

Answer 1

Error:

Warning: session_destroy(): Session object destruction failed

It's rather trivial, no session has been started object has been comitted, so you can't destroy it.

The @ operator is not always active, e.g. with error reporting functions.

Edit:

1) What causes this error?

This error is normally caused when PHP tries to delete the session file, but it can't find it.

In your case with session_destroy there is only one place in PHP which causes this. That's when the session.save_handler (see as well session_set_save_handler) returns FALSE for the destroy action. This can depends which type of save-handler you use, the default one is files. With that one, when the session.save_path setting is wrong (e.g. not an accessible directory), this would cause such an error.

2) Why would the "@" not be suppressing the error?

That depends how the output is created and on PHP configuration. @ does not always work. For example callbacks registered with set_error_handler will still receive these messages.

Answer 2

In my case I was trying to destroy session before cookie was created. In other words I did something like:

session_start();
...
session_destroy();

So the server didn't have a chance to 'contact' with the browser before destroying the session. Simple solution that worked for me was

session_start();
...
$_SESSION=array();