Home/ Questions/Q 3276962
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T19:19:03+00:00

Is it enough to session_start(); // Must start a session before destroying it if

  • 0

Is it enough to 

session_start();   //  Must start a session before destroying it

if (isset($_SESSION))
{
    unset($_SESSION);
    session_unset();
    session_destroy();
}

when the user selects Log out from a menu, but does not quit his browser? I want to totally remove all existence of the session and $_SESSION

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    According to the manual, there’s more to do:

    In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

    The manual link has a full working example on how to do that. Stolen from there:

    <?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>
    • 0