Is session_unset() deprecated?

Question

In the PHP documentation for session_unset() there is no hint that this function is deprecated so I think it's fine to use it. But then I read through the documentation about session_destroy() where I found this hint:

Note: Only use session_unset() for older deprecated code that does not use $_SESSION.

I know that the session_unset() function is an equivalent for $_SESSION = array();. So what should I use now? Why is on one site a hint that this function is deprecated but on the other hand in the documentation about the function itselfs there is not deprecated note. What's the truth about this function now?

There is a notice `Note: If $_SESSION (or $HTTP_SESSION_VARS for PHP 4.0.6 or less) is used, use unset() to unregister a session variable, i.e. unset ($_SESSION['varname']);.`, they just didn't use the word `deprecated` but that's what they meant to say with that note. — Daniel W., Jul 29 '14 at 13:41
Well bit `session_unset()` unsets all data stored in $_SESSION while `unset()` just unsets one array entry of `$_SESSION`. — TiMESPLiNTER, Jul 29 '14 at 13:43
*"`Only use session_unset() for older deprecated code that does not use $_SESSION`"* - Meaning, that one of the deprecated functions is [`session_register()`](http://php.net/manual/en/function.session-register.php) — Funk Forty Niner, Jul 29 '14 at 13:43
Looks like an oversight to me: if `session_unset()` only unsets "registered" session variables, then it cannot be useful in PHP >5.4.0, since `session_register()` has been removed. If that is *not* what it does, then the manual page is in dire need of a rewrite. — IMSoP, Jul 29 '14 at 14:00
@IMSoP Well `session_register('foo', 'bar')` is an equivalent for `$_SESSION['foo'] = 'bar';` but `session_unset()` is like `$_SESSION = array();` So it does unset all the session data whereas `session_register()` just registers a new key-value-pair. — TiMESPLiNTER, Jul 29 '14 at 14:05

score 3 · Answer 1 · answered Jul 29 '14 at 13:56

I don't know the exact reason, too, but it can be found here I guess: https://github.com/php/php-src/blob/master/ext/session/session.c

PHP handles variables in ZVAL pointers and I think they just wanted the _SESSION superglobal to be handled the same way as any other variable, and not with a "special" command session_unset().

Another benefit is better garbage collection handling I think.

Sometimes, "deprecated" does not mean its a bad function, but you should not use it because code might be removed in future packages simply because it is not neccessary.

score 1 · Answer 2 · answered Jul 29 '14 at 13:43

1

If you want to close the session you must use session_destroy().

session_destroy();

If you want to clear the variables of the session you must use:

$_SESSION = array();

And if you want to clear only one variable of the session you must use:

unset($_SESSION['example']);

answered Jul 29 '14 at 13:43

Programu Unidos Programando

11
3

Thx for your answer. But Why shoudln't I use `session_unset()` anymore? I'm looking for the reason - why :-). – TiMESPLiNTER Jul 29 '14 at 13:44
Because unset($_SESSION['example']); is enough ;) – Kevin Labécot Jul 29 '14 at 13:45

Is session_unset() deprecated?

2 Answers2