I'm building a small website project and I am curious if there would be any reason not to do session_destroy() when a user wants to log off? What about just before logging in a new user? The site request a user to be logged in before interacting with the site in any way.
Asked
Active
Viewed 67 times
1
JDelage
- 13,036
- 23
- 78
- 112
-
4`session_destroy()` is the recommended method to destroy a PHP session. – Charlotte Dunois Jan 23 '15 at 22:25
-
Well if not session_destroy, I am curious what did you had in mind ? – Samosa Jan 23 '15 at 22:35
2 Answers
1
Yes it is. It's actually the common way to do so. If you want an example see the docs for session_destroy() there's a complete example with everything you need to do.
TheGreenkey
- 143
- 2
- 8
-
-
You can also loop through all session variables and manually unset every variable... There is also a function called [session_unset()](http://php.net/manual/en/function.session-unset.php) – TheGreenkey Jan 23 '15 at 22:40
1
If you are using PHP's built in session management, then it is what you should do at each logout. This way you can make sure that a new user at the same computer can't reuse any saved data that has been stored for the previous user before.
An other way is session_unset, but that, unlike session_destroy does not delete all session data such as data in the session storage. More about the difference: What is the difference between session_unset() and session_destroy() in PHP?
