Got it from php.net, but I am not sure is this how everybody destroy all sessions?
// Unset all Sessions
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() -42000, '/');
}
session_destroy();
Does the code will destroy all the sessions?? Is it the most common way? how do you guys destroy php sessions?
Oh yeah, btw, what is that session_name()? All session name? e.g $_SESSION['var1'], $_SESSION['var2'], … ?
I dont need to use unset($_SESSION['var1']); any more right?
Whats the different between using session_destroy() and unset($_SESSION[])?
You should first know what sessions are: You can consider sessions as a data container on the server side that’s associated with a random identifier, the session ID. That session ID needs to be provided by the client so that the server can load the data associated to that session ID (and thus to that session) into the
$_SESSIONvariable. Everything in that$_SESSIONvariable is also called session variables of the current active session.Now to your questions:
The provided code just deletes the session data of the current session. The
$_SESSION = array();statement will simply reset the session variable$_SESSIONso that a future access on the session variable$_SESSIONwill fail. But the session container itself is not deleted yet. That will be done by callingsession_destroy.See also Truly destroying a PHP Session?
The session_name is just used to identify the session ID parameter passed in a cookie, the URL’s query or via a POST parameter. PHP’s default value is
PHPSESSID. But you can change it to whatever you want to.No. The initial
$_SESSION = array();deletes all the session data.session_destroywill delete the whole session container whileunsetor resetting the$_SESSIONvariable will only delete the session data for the current runtime.