Is this a proper way to destroy all session data in php?
You should first know what sessions are: You can consider sessions as a data container on the server side that’s associated with a random identifier, the session ID. That session ID needs to be provided by the client so that the server can load the data associated to that session ID (and thus to that session) into the $_SESSION variable. Everything in that $_SESSION variable is also called session variables of the current active session.
Now to your questions:
Will the code destroy all the sessions? Is it the most common way? How do you guys destroy PHP sessions?
The provided code just deletes the session data of the current session. The $_SESSION = array(); statement will simply reset the session variable $_SESSION so that a future access on the session variable $_SESSION will fail. But the session container itself is not deleted yet. That will be done by calling session_destroy.
See also Truly destroying a PHP Session?
Oh yeah, btw, what is that session_name()? All session names? E.g. $_SESSION['var1'], $_SESSION['var2']...?
The session_name is just used to identify the session ID parameter passed in a cookie, the URL’s query or via a POST parameter. PHP’s default value is PHPSESSID. But you can change it to whatever you want to.
I don't need to use unset($_SESSION['var1']); anymore, right?
No. The initial $_SESSION = array(); deletes all the session data.
What's the difference between using session_destroy and unset($_SESSION[])?
session_destroy will delete the whole session container while unset or resetting the $_SESSION variable will only delete the session data for the current runtime.
Destroy all sessions but one
You can reassign $_SESSION['id'] instead of deleting all of the others.
A little trick :)
<?php
session_start();
$tmp = $_SESSION['id'];
session_unset();
$_SESSION['id'] = $tmp;
header("Location: login.php");
exit;
?>
How do I kill a PHP session?
Use session_destroy to destroy the session data and session_unset to clear the $_SESSION variable respectively.
Furthermore, call session_regenerate_id(true) after an authentication attempt to change the current session’s ID and destroy the session data that is still associated to the old session ID.
Truly destroying a PHP Session?
To destroy a session you should take the following steps:
- delete the session data
- invalidate the session ID
To do this, I’d use this:
session_start();
// resets the session data for the rest of the runtime
$_SESSION = array();
// sends as Set-Cookie to invalidate the session cookie
if (isset($_COOKIE[session_name()])) {
    $params = session_get_cookie_params();
    // pass the configured httponly value rather than isset(), which is always true on current PHP
    setcookie(session_name(), '', 1, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
session_destroy();
And to be sure that the session ID is invalid, you should only allow session IDs that were being initiated by your script. So set a flag and check if it is set:
session_start();
if (!isset($_SESSION['CREATED'])) {
    // invalidate old session data and ID
    session_regenerate_id(true);
    $_SESSION['CREATED'] = time();
}
Additionally, you can use this timestamp to swap the session ID periodically to reduce its lifetime:
if (time() - $_SESSION['CREATED'] > ini_get('session.gc_maxlifetime')) {
    session_regenerate_id(true);
    $_SESSION['CREATED'] = time();
}
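The steps from this answer collected into two functions, with PHP's session.use_strict_mode setting added as the built-in way to refuse session IDs the server did not issue, which goes beyond the flag check shown above. This is an added example, not code from the answers on this page; the function names start_tracked_session and destroy_session and the sample value are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not from the answers above.
ini_set('session.use_strict_mode', '1'); // refuse IDs this server never issued

function start_tracked_session(): void
{
    session_start();
    $maxAge = (int) ini_get('session.gc_maxlifetime');
    // New session, or an ID older than the GC lifetime: issue a fresh ID
    // and delete the data stored under the old one.
    if (!isset($_SESSION['CREATED']) || time() - $_SESSION['CREATED'] > $maxAge) {
        session_regenerate_id(true);
        $_SESSION['CREATED'] = time();
    }
}

function destroy_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = []; // clear the data for the rest of this request
    if (ini_get('session.use_cookies') && !headers_sent()) {
        // Expire the cookie using the same scope it was set with.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', 1, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy(); // delete the server-side container
}

// Constructed CLI demo: log in, log out, then present the old ID again.
if (PHP_SAPI === 'cli') {
    start_tracked_session();
    $_SESSION['user'] = 'alice'; // constructed sample value
    $oldId = session_id();
    destroy_session();

    session_id($oldId); // replay of the destroyed ID
    session_start();
    echo 'old data visible: ', var_export(isset($_SESSION['user']), true), PHP_EOL;
    echo 'old ID accepted:  ', var_export(session_id() === $oldId, true), PHP_EOL;
}
```

In a web request, call start_tracked_session() at the top of every page and destroy_session() in the logout handler before any output is sent, so the expiring Set-Cookie header can still be emitted.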
How do I destroy a specific session variable in PHP?
What about unset($_SESSION["products"]) instead of the session_destroy()
There is only one session per user. So there is no way to destroy a "specific" session. What you can do is delete the contents of your session responsible for the display of the cart (as shown above).