clearing session variables specific to one website

[echo_loser]

I am following along in a PHP, MySQL book and the way they clear session variables is by:

 

session_start();
session_unset();
session_destroy();

 

They clear session variables like that in that exact order.

 

My question is that this apparently clears ALL session variables for the browser in use. Every website I have visited when you click a LOGOUT button ONLY logs you out of their specific site and DOES NOT seem to clear ALL session variables as this would log you out of any other websites that you might be logged into with that same browser.

 

So, I went to the PHP website and found out that instead of using the session_unset () function you can clear individual session variables using the unset ($_SESSION['varname']) function.

 

Is this a good way of clearing session variables ONLY for a PARTICULAR website and NOT clearing session variables for the WHOLE browser? If so, would I then NOT use the session_destroy () function after clearing each individual session variable specific to that ONE website using unset ($_SESSION['varname'])?

 

Thank you in advance! 

[trq]

PHP has no control over the session of another website, think about the security issues that would introduce.

 

The code you originally posted relates to the current site only.

[echo_loser]

Ahhh… Ok thank you for that. I’m thinking that the problem is: although I was visiting two separate websites, they were BOTH under LOCALHOST as I was developing locally so when when I cleared session variables for ONE test site it cleared session variables for EVERYTHING under http://localhost?

 

I guess then I have another simple question that relates:

 

There are two different LIVE (NOT localhost) sites under DIFFERENT domain names, they both have a session variable named $_SESSION['logged’], and this variable $_SESSION['logged’] when set to 1(ON) will determine whether or not a user is logged in and display appropriate HTML content. Will there be confusion by the browser between the two different LIVE websites and will there be a chance of content that shouldn’t be accessed (user not logged in) being displayed simply because the other site with the SAME session variable name is set to on?

 

$_SESSION['logged’] == 1

being ON

 

I guess all this confusion came about because my test sites were ALL under http://localhost?

 

Thank you again 

[PFMaBiSmAd]

Will there be confusion by the browser between the two different LIVE websites and will there be a chance of content that shouldn’t be accessed (user not logged in) being displayed simply because the other site with the SAME session variable name is set to on?

 

No. The session id is propagated by the browser, by default, using a session id cookie and cookies of all kinds are specific to the domain that created the cookie.

 

For testing, if you really want to, you can create any number of 'fake' domains on your development system. You would make entries in your HOSTS file for each domain, for example - 127.0.0.1 www.example.com and then setup a virtual host in your web server's configuration that corresponds to that fake domain. You would then access that using http://www.example.com instead of http://localhost