When working with sessions in php, you can use the session_destroy() function to destroy all data associated with a current active session by deleting the session file. The session variables will still be available, but will not be connected with the session.
session_start();
// do things with your session
session_destroy();
If you want to kill a session completely, you need kill a session in php completely, you need to unset all of the session variables and delete the session cookie.
Below is taken from the php manual for session_destroy().
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
Session handling is a big concept in php that allows us to handle and store user information across an entire website or web application.
When working with sessions, the ability to delete session data can be useful.
The php session_destroy() function allows us to destroy all data associated with a particular session in our php code.
session_destroy() deletes the session file which is created and used after starting a session with session_start(). session_destory() does not unset any of the global variables associated with sessions or unset the session cookie.
When calling session_destroy() you are deleting the data associated with the session, but you will still be able to access the variables stored in ‘$_SESSION’.
This can be a little confusing but makes sense – you may want to keep using the certain variables from ‘$_SESSION’ in your code.
How to Completely Kill a Session in php
If you want to completely kill a session, there are a few additional steps you need to take before calling session_destroy()
To kill a session completely in php, you need to unset all of the session variables, and also delete the session cookie.
From the php manual, to destroy a session completely, you can use the following code.
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
Hopefully this article has been useful for you to learn how to destroy a session in php with session_destroy().