Destroying a session the right way

Question

It might seem a bit of an obvious question but I couldn't really find the answer myself.

In logout scripts you see lots of different ways of destroying sessions. Sometimes they are even used together.

Why should I be using one method above the other?

// One
session_unset();

// Two
session_destroy();

// Three
$_SESSION = array();

I know what these functions do and what they are used for. What I don't understand is why there are multiple methods if they do the same thing anyways. I asked this question to get a better insight in this.

Only `session_destroy()` directly do something to the session — , Jul 11 '16 at 07:23
This might help!!
[enter link description here](http://stackoverflow.com/a/5698005/6468641) — Deepak Singh, Jul 11 '16 at 07:23
Usage of each "method" has it's own use-case, each having their use in the different scenarios, "why" would depend on the need you have. — Epodax, Jul 11 '16 at 07:24

score 2 · Accepted Answer · answered Jul 11 '16 at 08:02

They don't do the same thing. Session unset will clear the $_SESSION variable;

session_unset();

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

The PHP manual specifies that session_destroy won't unset the variable.

Only use session_unset() for older deprecated code that does not use $_SESSION.

Unset is mostly used to target specific sessions where destroy targets all of them.

Destroying a session the right way

1 Answers1