Is This a How to Destroy All Session Data in PHP

Is this a proper way to destroy all session data in php?

You should first know what sessions are: You can consider sessions as a data container on the server side that’s associated with a random identifier, the session ID. That session ID needs to be provided by the client so that the server can load the data associated to that session ID (and thus to that session) into the $_SESSION variable. Everything in that $_SESSION variable is also called session variables of the current active session.

Now to your questions:

Does the code will destroy all the sessions?? Is it the most common way? how do you guys destroy php sessions??

The provided code just deletes the session data of the current session. The $_SESSION = array(); statement will simply reset the session variable $_SESSION so that a future access on the session variable $_SESSION will fail. But the session container itself is not deleted yet. That will be done by calling session_destroy.

See also Truly destroying a PHP Session?

Oh yeah, btw, what is that session_name()?? All session name? e.g $_SESSION['var1'], $_SESSION['var2']... ?

The session_name is just used to identify the session ID parameter passed in a cookie, the URL’s query or via a POST parameter. PHP’s default value is PHPSESSID. But you can change it to whatever you want to.

I dont need to use unset($_SESSION['var1']); any more right???

No. The initial $_SESSION = array(); deletes all the session data.

Whats the different between using session_destroy and unset($_SESSION[])??

session_destroy will delete the whole session container while unset or resetting the $_SESSION variable will only delete the session data for the current runtime.

Destroy all sessions but one

You can reassign $_SESSION['id'] instead of deleting all of the others.

A little trick :)

<?php
session_start();
$tmp = $_SESSION['id'];
session_unset();
$_SESSION['id'] = $tmp;

header("Location: login.php");
exit;
?>

is it necessary to destroy all SESSION(at the time of LOGOUT) those I start after LOGIN in PHP?

If you want to simply destroy a session: $_SESSION["sessionname"] = NULL.

If you want to destroy them all: session_destroy()

But why you want to destroy them if the user is logged???... I don't understand you

How to completely (I mean COMPLETELY) destroy all session data and prevent cached access?

Fixed it! Just posting for anyone else who has this issue.

Turns out it all linked back to the session_write_close() command. In my HTML page which hosted restricted content, I had PHP code which checked session variables to determine weather or not to show the page or redirect. Obviously in order to access the $_SESSION[] variables in the first place I first had to set session_id($_GET[<session id passed via GET>]), and then do the checking. Unfortunately, I never called session_write_close() so that webpage never disconnected from the session file. My stand-alone logout script WAS actually deleting the $_SESSION and unset($_SESSION[<variable name>]) WAS working. The issue is that upon the HTML page refresh, I guess it re-saved the session file all over again and effectively re-created it.

The easiest analogy I could think of to explain it would be, editing a Word document and deleting the actual file while it was open in Word, then saving from Word, effectively re-creating the document all over again.

It took me changing the save directory to where I could access it and actually monitoring how the session file changed to figure it out (Good debugging technique btw)

Hope this helps future PHP coders (Good luck, you'll need it lol)

How do I destroy a specific session variable in PHP?

What about

unset($_SESSION["products"])

instead of the

session_destroy()

There is only one session per user. So there is no way to destroy a "specific" session. What you can do is delete the contents of your session responsible for the display of the cart (as shown above).

PHP Unset Session Variable

You can unset session variable using:

1. session_unset - Frees all session variables (It is equal to using: $_SESSION = array(); for older deprecated code)
2. unset($_SESSION['Products']); - Unset only Products index in session variable. (Remember: You have to use like a function, not as you used)
3. session_destroy — Destroys all data registered to a session

To know the difference between using session_unset and session_destroy, read this SO answer. That helps.

Unset all session variables - local websites

You should not be using the same session for four different sites, unless you want them to be linked, and all clear at the same time, etc.

Your problem is that in development, all the sites are on one domain, and the same cookie is being used for all four sessions.

The way to handle this cleanly is using session_name(), which allows you to have completely different sets of session data for each site, by sending different cookies to the browser for each one. Then running session_destroy() would only clear the details for the current site, not the other three sites.

Note also that this issue would almost certainly not arise on a production site, because each site would be on a different domain, meaning separate cookies, and therefore separate sessions.

If you do want all four sites to share the same session for some reason, and can because they all run on the same domain in production, then you are quite right, you could just unset individual variables to save states like "logged into site A as user X, but not logged into site B". This is, however, very unusual, and you probably just want to use session_name() so that your sessions are separate even on development.

How to unset/destroy all session data except some specific keys?

Maybe do something like this

foreach($_SESSION as $key => $val)
{

    if ($key !== 'somekey')
    {

      unset($_SESSION[$key]);

    }

}

---

Related Topics