Home/ Questions/Q 811549
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T01:03:45+00:00

When the user clicks a logout button, I connect to a script that simply

  • 0

When the user clicks a logout button, I connect to a script that simply does this

session_destroy();
session_start();

I thought this would be enough to reset all $_SESSION variables such as $_SESSION['logged'] and $_SESSION['username'] but when I load the page again, it automatically logs me in as if the session is still active.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As the documentation explains:

    It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

    In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

    It also gives an example of how to do so:

    <?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

    Just clearing the array is sufficient to log the user out; they’ll still have the same session ID, but $_SESSION will be empty, so $_SESSION['logged'] and $_SESSION['username'] won’t exist

    • 0