4

I need help regarding session in php

I tried this code

<?php 
session_start();
$_SESSION['one'] = "Hello";
$_SESSION['two'] = "World";
$_SESSION['three'] = "Welcome to session";
var_dump($_SESSION);

It prints

array (size=3)
  'one' => string 'Hello' (length=5)
  'two' => string 'World' (length=5)
  'three' => string 'Welcome to session' (length=18)

Then I unset the session one

unset($_SESSION['one']);
echo "Session one unset and only session two and three exist";
var_dump($_SESSION);

And it prints

Session one unset and only session two and three exist
array (size=2)
  'two' => string 'World' (length=5)
  'three' => string 'Welcome to session' (length=18)

Then if I destroy the session

session_destroy();
echo "Session Destroyed <br />";
var_dump($_SESSION);

But nothing happens and I can still print the session as

Session Destroyed 
array (size=2)
  'two' => string 'World' (length=5)
  'three' => string 'Welcome to session' (length=18)

But if i use session_destroy(); again it gives me a warning

Warning: session_destroy(): Trying to destroy uninitialized session

And instead of session_destroy() code if i use unset

session_unset('two');
echo "Session two unset";
var_dump($_SESSION);

All the session variables get unset and i cant access the session three variable It prints

Session two unset
array (size=0)
  empty

Instead of using session_unset('two'); if I use session_unset(); then I also it gives me the same result.

So what is the actual difference between unset($_SESSION['one']), session_unset('one'), session_unset() and session_destroy().

I googled it and everywhere I got the answer that session_destroy() is used to destroy the whole session (but in the code above I can still access the session variable) and session_unset('one') is used to unset only a single session variabele (But in the code above if I use session_unset('one') all the session variables get unset).

So Please help me understand how session works, Also what code should be used while logging our users, session_unset() or session_destroy().

Ranjith Kuamr K R
  • 93
  • 1
  • 8
  • Do format heading of Q in manner to get exact idea of issue with few words only! http://stackoverflow.com/help/how-to-ask – Vikrant Apr 17 '15 at 05:24
  • possible duplicate of [Session unset, or session\_destroy?](http://stackoverflow.com/questions/5697822/session-unset-or-session-destroy) – Saagar Elias Jacky Apr 17 '15 at 05:34

3 Answers3

5

Its pretty simple,

session_unset — Free all session variables, but session id will not be destroy

session_destroy — Destroys all data registered to a session, to call this function first session should be registered.

unset($_SESSION['VARIABLE_NAME']) - This will unset variable value which you passed.

In your example, calling session_destroy() directly is not correct, as a result you can see the values of variable which are there in session, you can call session_destroy for registered session.

Thanks Amit

Amit Shah
  • 1,380
  • 1
  • 10
  • 19
  • 1. Can you explain how to call `session_destroy()` 2. how can we register a session 3. Is `session_unset()` and `session_unset('VARIABLE_NAME')` have the same effect. because after using `session_unset('VARIABLE_1')`, I cant access `session_unset('VARIABLE_2')` 4. Which of these should i use in logout page – Ranjith Kuamr K R Apr 17 '15 at 06:01
  • 1. session_destroy(), you can call directly. 2. you can call session_register() function to register a session. 3.No session_unset('VARIABLE_NAME') will unset variable from the session, and session_unset() will remove all variables form the session. So in your case you should use session_destroy, which will completely destroy all the session variable, and session ids, and it will logout the user. – Amit Shah Apr 24 '15 at 05:25
3

After using session_destroy(), the session cookie is removed and the session is no longer stored on the server. The values in $_SESSION may still be available, but they will not be on the next page load.

As per PHP

void session_unset ( void )

The session_unset() function frees all session variables currently registered and do not take any parameters.

unset($_SESSION['name']); will delete just the name data.

Saagar Elias Jacky
  • 2,684
  • 2
  • 14
  • 28
  • You are correct, after `session_destroy()` the values in the session variables are no longer available on the next page load. But what is difference between `unset($_SESSION[])` and `session_unset()` – Ranjith Kuamr K R Apr 17 '15 at 05:56
  • OK got it, That means we should use only `session_unset()` and not session_unset('one'). – Ranjith Kuamr K R Apr 21 '15 at 08:23
1

I am guessing that it is destroyed but the memory is not released yet, so you can still look at it. Whereas unset sets it to null.

Rohit Gupta
  • 4,022
  • 20
  • 31
  • 41