1

I've learnt that

session_unset() removes all session variables which means it just clears the $_SESSION variable and it’s equivalent to doing:

$_SESSION = array();

This only affects the local $_SESSION variable instance(s).

session_destroy() destroys the session data that is stored in the session storage.

My questions are as below:

  1. Does session mean the $_SESSION super global variable?
  2. When session_destroy() is called, will the super global variable $_SESSION also get destroyed and become inaccessible?
  3. If the super global variable $_SESSION doesn't become inaccessible even after calling session_destroy(), then what does it actually destroy when the session variable instances have already been destroyed by session_unset()?

Thanks.

PHPLover

2 Answers

1

session_unset() does not destroy the session; session_unset should be used on a single session variable.

session_unset($_SESSION['user_id']);

Does session mean the $_SESSION super global variable?

According to the PHP docs, do not use session_unset on the global variable: http://php.net/manual/en/function.session-unset.php

Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal.

When session_destroy() is called, will the super global variable $_SESSION also get destroyed and become inaccessible?

No, it does not become inaccessible. After destroying a session with session_destroy() you can use session_start() to create a new session.

If the super global variable $_SESSION doesn't become inaccessible even after calling session_destroy(), then what does it actually destroy when the session variable instances have already been destroyed by session_unset()?

Calling session_unset should be used to remove individual session variables, not to destroy your session. After using session_unset the session is still active, as you can see from my test below:

<?php
    // This prints "Active"
    session_start();
    $_SESSION['user_id'] = 1000;
    session_unset($_SESSION['user_id']);
    if(session_status()==2)
        echo "Active \n";

To destroy a session in PHP, I don't recommend trying to use session_unset. I do:

// hijack then destroy
$session_id = session_id();
session_id($session_id);
session_start();
session_destroy();
session_commit();
sf_admin
0

When starting a session, a session ID will be generated and saved as a cookie.

session_destroy() will remove the array of $_SESSION and thus do the same as session_unset(), but in addition it also destroys the session ID. The cookie will be cleared.

From this point, you can only access the $_SESSION variable again after starting the session with session_start().
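
The following is an added example, not part of the question or either answer. It records what session_unset() and session_destroy() each leave behind (the $_SESSION array, the session status, the stored data), then shows a full logout in the order the PHP manual gives. It assumes the default "files" save handler; end_session() and the sample user_id value are made up for the illustration.

```php
<?php
// Added example, not code from the thread. Assumes the default "files"
// save handler. Run with the PHP CLI; output is printed only at the end
// so nothing is sent before the session functions run.
ini_set('session.save_path', sys_get_temp_dir());

// Full teardown in the order the PHP manual recommends:
// clear variables, expire the cookie, then delete the stored data.
function end_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

$report = [];
session_start();
$_SESSION['user_id'] = 1000;                           // constructed sample value
$file = session_save_path() . '/sess_' . session_id(); // file the handler created

session_unset();                                       // no arguments: clears every variable
$report['unset:   $_SESSION empty']     = ($_SESSION === []);
$report['unset:   session active']      = (session_status() === PHP_SESSION_ACTIVE);
$report['unset:   storage exists']      = file_exists($file);

$_SESSION['user_id'] = 1000;
session_destroy();                                     // removes stored data, not the array
$report['destroy: $_SESSION still set'] = isset($_SESSION['user_id']);
$report['destroy: session active']      = (session_status() === PHP_SESSION_ACTIVE);
$report['destroy: storage exists']      = file_exists($file);

end_session();                                         // starts a fresh session, then tears it down
$report['end:     $_SESSION empty']     = ($_SESSION === []);
$report['end:     session active']      = (session_status() === PHP_SESSION_ACTIVE);

foreach ($report as $check => $result) {
    echo $check, ': ', var_export($result, true), "\n";
}
```

For a logout handler, the point to check is that all three pieces are handled: the in-memory array, the session cookie, and the server-side record, since a stored session that outlives logout can still be resumed by anyone holding the old session ID.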