Is there a difference between killing and destroying sessions?

[webmaster1]

While the manual provides an example on how to destroy a session it also provides a block of code that kills the session:

 

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

 

If I want to log out and stop the session completely, should I kill, destroy or both?

[oni-kun]

The definitions of killing and destroying fortunately relate to your question.

[webmaster1]

The manual explains that killing destroys the session data and the session whereas destroying destroys the session.

 

Would I be correct to assume that I only need to destroy the session for my log out page?

[oni-kun]

Where do I see "killing" in the manual? Destroying the session will remove the data from memory (To some extent), Killing the session or deleting the client's cookie/and or your server's /tmp entry of the data is another subject, that should not in any practise need to be used on a logout such as you mentioned.

[webmaster1]

Where do I see "killing" in the manual?

 

// If it's desired to kill the session, also delete the session cookie.

 

Destroying the session will remove the data from memory (To some extent), Killing the session or deleting the client's cookie/and or your server's /tmp entry of the data is another subject, that should not in any practise need to be used on a logout such as you mentioned.

 

Cheers for that explanation.