3

I am looking for a way to delete only certain amounts of SESSION data that is stored whilst preserving the session data associated with the user being logged on.

At the moment I am doing this by individual unset statements to the SESSION variables I want to delete.

However I was hoping there may be a more clever way to just delete a whole section of the SESSION array whilst preserving specific variables

e.g.

$_SESSION['username'];
$_SESSION['user_id'];
$_SESSION['ttl'];

The use case for this process would be:

User Logs In --> User performs task --> Once task is complete delete session data associated with task --> User is still logged in!

I had considered perhaps using a table in my Database monitoring logins, what are your opinions on that?

Thanks for your time!

tomaytotomato
  • 3,788
  • 16
  • 64
  • 119
  • You could for_each over the array to unset everything but the one you want. Another way is you can save the variable you want set $_SESSION to a new array and put the var back in it. – jakx Jan 24 '12 at 17:23

4 Answers4

3

There is no way to delete "whole section of the SESSION array whilst preserving specific variables".Instead of that you can use two dimensional array for a task and delete that array.

$_SESSION["task1"]["username"] = "name"
$_SESSION["task1"]["pass"] = "pass"

$_SESSION["task2"]["name"] = "name";

when task1 complete delete like 

  unset($_SESSION["task1"]);

now $_SESSION["task2"] still exist.

sathishkumar
  • 1,780
  • 4
  • 20
  • 31
1

Well you could store all this volatile data inside another key:

$_SESSION['volatile'] = array(
   'one' => 'value'
);

If you dnt want to do that you could use array comparison functions like:

// specify what keys to keep
$_SESSION = array_intersect_key($_SESSION, array('keepme1', 'keepme2', 'etc'));

//specify what keys to remove
$_SESSION = array_diff_key($_SESSION, array('deleteme1', 'deleteme2', 'etc'));

As far as the DB you could do that but its not necessary to accomplish your objective, and unless there are moving parts you didnt list in your original question id say you probably dont need to do anything that complex right now.

prodigitalson
  • 60,050
  • 10
  • 100
  • 114
0

I will have to disagree with @sathishkumar, the following method destroys partially session variables.

public static function destroyPartial($keys)
{

    if (session_status() === \PHP_SESSION_NONE) {
        session_start();
    }

    if (!is_array($keys)) {
        $keys = [$keys];
    }
    foreach ($_SESSION as $k => $v) {
        if (in_array($k, $keys, true)) {
            unset($_SESSION[$k]);
        }
    }



    $recoveringSession = $_SESSION;
    session_destroy();
    session_start();
    $_SESSION = $recoveringSession;
}

In the php docs for the session_destroy function, we can read this:

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

So, the "trick" is to call session_start AFTER session_destroy.

Hope this helps.

ling
  • 9,545
  • 4
  • 52
  • 49
0

Structure your session data in a hierarchy:

$_SESSION['loggedIn'] = TRUE;

// Temporary session data
$_SESSION['temporary'] = array(
    'temp_var1' => 'foo',
    'temp_var2' => 'bar',
    // ...
    'temp_var99' => 'baz'
);

echo $_SESSION['temporary']['temp_var2']; // bar

// Remove all temporary session data
unset($_SESSION['temporary']);

echo $_SESSION['loggedIn'] ? 'yes' : 'no'; // yes
FtDRbwLXw6
  • 27,774
  • 13
  • 70
  • 107