Completly destroying a session.

[WolfRage]

To finish getting rid of my session I want to do like the manual says.

<?php
session_start();
setcookie(session_name(),'',time() - 36000,'/','127.0.0.1',FALSE,TRUE);
session_destroy();
unset(SID);
?>

But unset(SID); causes this error.

Parse error: syntax error, unexpected ')', expecting T_PAAMAYIM_NEKUDOTAYIM

Which means it expects a semi colon, translated from Hebrew.

Why do I get this error? The manual says to do this.

http://www.php.net/manual/en/function.session-destroy.php

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

[dropfaith]

http://www.tizag.com/phpT/phpsessions.php

 

check out the bottom of that link it discusses session destroy

[redarrow]

you should use unset and session_destroy as well.

<?php session_start();

// set a session.
$_SESSION['redarrow']="redarrow";

// echo session

echo $_SESSION['redarrow'];


// let kill session redrrow.

unset($_SESSION['redarrow']);

// let make sure that all session's are killed aswell.

session_destroy();

?>

 

 

 

 

 

 

 

 

[WolfRage]

I appreciate the information really. But I knew what it listed already. And as far as destroying it completely that is not true. Because I can still do this:

<?php
session_start();
setcookie(session_name(),'',time() - 36000,'/','127.0.0.1',FALSE,TRUE);
session_destroy();
echo htmlspecialchars(SID);
//unset(SID);
?>

And the echo statement still works.

So how do I unset the SID? And why do I get this super weird error?

I have a plan that I thought of, I will just unlink() the session file and that will be an equivalent of unset(SID) I think.

[redarrow]

you need to kill the cookie what is a 0

 

 

Try ths way should work.

<?php
session_start();
$_SESSION = array(); // destroy all $_SESSION data
setcookie(session_name(), "", time() - 3600, "/");
session_destroy();
?>

[redarrow]

 

try now.

<?php
session_start();
$_SESSION = array();
setcookie(session_name(),'',time() - 36000,'/','127.0.0.1',FALSE,TRUE);
session_destroy();
echo htmlspecialchars(SID);
//unset(SID);
?>

[WolfRage]

Thanks for the kill the cookie comment but again I know. You can also do it this way, which I do.

<?php
setcookie('Tag_Commerce:3',FALSE,time() - 36000,'/','127.0.0.1',FALSE,TRUE);
?>

Don't believe me read the manual. Returning FALSE will attempt to delete the cookie. Now back to the issue at hand.

So how do I unset the SID? And why do I get this super weird error?

[WolfRage]

Redarrow thanks for your try. But no making adding:

<?php
$_SESSION = array();
?>

Did nothing. Most likely because $_SESSION is already an array.

[redarrow]

.htaccess only way i can think off

php_flag session.use_trans_sid off
php_flag register_globals off

[WolfRage]

I like being able to turn trans_sid on and off using ini_set(), and I always have globals off.

[redarrow]

well there no other way sorry ive been throw every book i got on session's sorry.

 

my last post was a winner but you say it dose not work so sorry.

[WolfRage]

<?php
session_start();
setcookie(session_name(),'',time() - 36000,'/','127.0.0.1',FALSE,TRUE);
setcookie(session_name(),FALSE,time() - 36000,'/','127.0.0.1',FALSE,TRUE);
session_destroy();
unset(SID);
?>

But unset(SID); causes this error.

Parse error: syntax error, unexpected ')', expecting T_PAAMAYIM_NEKUDOTAYIM

Which means it expects a semi colon, translated from Hebrew.

Why do I get this error? The manual says to do this.

http://www.php.net/manual/en/function.session-destroy.php

So how do I unset the SID? And why do I get this super weird error?

[redarrow]

 

so what i understand SID is always defined and if there use it,

 

but there no way off deleting sid wired.

 

 

<?php session_start();

setcookie(session_name(),'',time() - 36000,'/','127.0.0.1',FALSE,TRUE);

if (defined('SID')) {
session_destroy();
unset($_SESSION);
setcookie(session_name(), -3600);
}

echo htmlspecialchars(SID);

?>

 

 

got told this mate.

SID is an empty string if the session cookie was returned

by the browser; as Mike advised, just use it.

[corbin]

SID is a constant.  Even if the session is destroyed mid page, the constant will not be undefined (as in the verb, not the state of being).

 

So SID will always be set going down the page even after session_destroy, but the session array will be empty, and the session cookie should automatically be destroyed client side (since PHP should tell the client to get rid of it).

[redarrow]

That was it, So the sid is being destroyed

client side, Even Theo you can see the sid information correct.

[WolfRage]

Ok I have come to realize that there is no way to get rid of or destroy SID like the two of you say. So I am going to submit this to the manual, because I believe the wording is misleading, and instructs a programer to try something that is an error.

 

So PHP Manual = Wrong on this one. http://www.php.net/manual/en/function.session-destroy.php

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

That is unless some one knows something that we do not.