[SOLVED] Best practice with sessions...

[CloudSex13]

Hi, thanks for reading.

 

I did a bit of research here and there and learned a bit further into PHP sessions and PHPSESSID.

 

I wanted to know why the following code:

 

$PHPSESSID = session_id();
unset($PHPSESSID);
session_destroy();

 

...will not unset the PHPSESSID, and why PHPSESSID will not disappear when the page is closed by the user...

 

Is that normal?

[.josh]

possibly dumb question, but do you have any other browser instances open? Other tabs/windows?  Session won't actually end unless all tabs/windows are closed.

[CloudSex13]

Thanks Crayon Violent for the help.

 

I'm trying out using a session cookie instead of a persistent cookie, and am finding trouble on how to destroy that session cookie when a user clicks logout.php.

 

My logout.php code has:

 

session_start();

unset($_COOKIE['cookiename']);
session_unset();
session_destroy();

 

Am I forgetting something? :/

[.josh]

A session uses a cookie to store the session id for session vars.  the vars/values are actually stored on the server.  But it doesn't even need the cookie to run the session.  You can pass the session id other ways, if cookies aren't allowed.  That's the only thing that cookies have anything to do with sessions.

 

$_COOKIE is not related to session variables. you delete a cookie by resetting it with an expiration date of sometime in the past. 

[CloudSex13]

Thanks!

[.josh]

and btw make sure you reset it to at least 24 hours in the past, to account for timezone differences.