Destroy sessions

[eggwart]

Hi

 

I wrote this code, but it doesn't seem to destroy the session.

 

<?php
session_start(); 
if (!$_SESSION['access'])
  $_SESSION['access'] = 3;

echo 'before: ' . $_SESSION['access'] . '<br>';

session_destroy(); 

echo 'after: ' . $_SESSION['access'] . '<br>';

 

Anyone?

 

Kind regards

eggwart

[eggwart]

This is my output:

 

1: 3

2: 3

Login

 

Pretty sure it shouldn't read '3' after I've destroyed the session.

[Snooble]

You say:

 

If there is NO $_SESSION['access'] make it 3.

 

So it will display 3 if you are not logged in before running this test.

 

Snooble

 

To clarify:

 

<?php
session_start(); 

echo 'before: ' . $_SESSION['access'] . '<br>';

session_destroy(); 

echo 'after: ' . $_SESSION['access'] . '<br>';

 

Try that and then you'll see. Make sure you're logged in when running the script.

 

Snooble

[eggwart]

Sorry, that last bit of output shouldn't be there ie "Login "

This page stands by itself, and is run using Uniform Server 3.3.

 

I ran the code you posted and got

 

1:

2:

 

as expected. But howcome the variable persists as "3" after I've destroyed the session with this code:

 

<?php
session_start(); 
$_SESSION['access'] = 3;

echo 'before: ' . $_SESSION['access'] . '<br>';

session_destroy(); 

echo 'after: ' . $_SESSION['access'] . '<br>';

?>

 

Output:

 

before: 3

after: 3

[magnetica]

Try:

 

$_SESSION = array();

session_destroy();

[eggwart]

Great, this works: $_SESSION = array();

 

But then what's the point of session_destroy();

Shouldn't this function destroy all information in the session. Why do I have to unassign variables manually? That can't be secure.

[Orio]

session_destroy() deletes everything in the $_SESSION array.

$_SESSION = array() does the same thing basically, but it is faster

 

Orio.

[eggwart]

Hmmm. Guess I should read the manual...

 

 

Description

bool session_destroy ( void )

 

 

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.

 

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

 

Returns TRUE on success or FALSE on failure.

 

Example 1. Destroying a session with $_SESSION

 

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();
?>  

[ted_chou12]

doesnt $_SESSION = NULL; work?

Ted

[wildteen88]

Yes. It  does the exact same as $_SESSION = array(); but you set the $_SESSION variable to null.

 

You should use unset($_SESSION) after you call session_destory().

[ted_chou12]

thanks, i see