PHP NOTES 1 NOTE 33550 ADDED TO FUNCTION SESSION DESTROY

PHP NOTES 1 NOTE 33550 ADDED TO FUNCTION SESSION DESTROY

Date: 30 Jun 2003 13:15:01 -0000

Subject: note 33550 added to function.session-destroy

From: simon@no-spam

if you're using superglobals you shouldn't be using session_unregister() to unset session variables - see http://www.php.net/session

To effectively destroy a session pre PHP 4.1 with Register Globals ON:

function killSession() { // you have to unset each session variable one by one $session_array = explode(";",session_encode()); for ($x = 0; $x < count($session_array); $x++) { $name = substr($session_array[$x], 0, strpos($session_array[$x], "|"));
if (session_is_registered($name)) { session_unregister('$name'); } } if (!empty(session_encode())) { return session_destroy(); } else {
return FALSE;
}
}
For those of us with Superglobals and Register Globals OFF it's really simple (as the manual points out):

function killSession() {
$_SESSION = array(); return @no-spam }

Both the above functions return TRUE or FALSE
As far as destroying the session ID goes if you have PHP 4.3.2+ use session_regenerate_id() to create a new session ID for the new session. Otherwise neoh's code works well.

----
Manual Page -- http://www.php.net/manual/en/function.session-destroy.php Edit Note -- http://master.php.net/manage/user-notes.php?action=edit+33550
Delete Note -- http://master.php.net/manage/user-notes.php?action=delete+33550&report=yes
Reject Note -- http://master.php.net/manage/user-notes.php?action=reject+33550&report=yes

Date: 17 Oct 2003 05:17:21 -0000

Subject: note 33550 deleted from function.session-destroy by sniper

From: sniper@no-spam

Note Submitter: simon at studio24.net
----

if you're using superglobals you shouldn't be using session_unregister() to unset session variables - see http://www.php.net/session

To effectively destroy a session pre PHP 4.1 with Register Globals ON:

function killSession() { // you have to unset each session variable one by one $session_array = explode(";",session_encode()); for ($x = 0; $x < count($session_array); $x++) { $name = substr($session_array[$x], 0, strpos($session_array[$x], "|"));
if (session_is_registered($name)) { session_unregister('$name'); } } if (!empty(session_encode())) { return session_destroy(); } else {
return FALSE;
}
}
For those of us with Superglobals and Register Globals OFF it's really simple (as the manual points out):

function killSession() {
$_SESSION = array(); return @no-spam }

Both the above functions return TRUE or FALSE
As far as destroying the session ID goes if you have PHP 4.3.2+ use session_regenerate_id() to create a new session ID for the new session. Otherwise neoh's code works well.