Introduction to Maintaining the State of Applications with PHP Sessions - Ending a session: using the “session_destroy()” function

(Page 3 of 5 )

In many situations, the logic of a particular PHP application requires that a specific session be terminated. In order to end an active session, PHP includes the “session_destroy()” function, which as the name indicates, destroys all the data associated with the current session. It’s worth noting that this function doesn’t unset any of the global variables tied to the session or the respective cookie. The use of this function is exemplified below:

session_start();
session_destroy();

As I said before, calling the “session_destroy()” function doesn’t delete the corresponding session variables or associated cookies. Thus a typical script, excerpted from the PHP manual, which destroys the current session along with all the session variables and the cookie associated to it, is listed below:

// destroy a session and all variables and cookies associated
with it.
session_start();
$_SESSION = array();
if(isset($_COOKIE[session_name()])){
   setcookie(session_name(),'', time()-48000,'/');
}
session_destroy();

In the above example, all the session variables are unset by the line:

$_SESSION = array();

while the corresponding cookie is deleted by the following code:

if(isset($_COOKIE[session_name()])){
   setcookie(session_name(),'', time()-48000,'/');
}

Additionally, all the registered session variables can be freed up with the “session_unset()” function. However, for a complete and secure deletion of the entire session, it’s recommended to use the “session_destroy()” function in conjunction with the superglobal $_SESSION array and the “setCookie()” function, as shown in the example above.

Nevertheless, there are some extra issues worth considering when ending sessions. In case the session ID is transmitted by cookies, they will be deleted as soon as the browser is closed. Bearing in mind this condition, you should configure (when possible) the “gc_maxlifetime” and “gc_probability” directives of the php.ini file, in order to instruct PHP to trigger its garbage collection mechanism, in accordance with the requirements of the application being developed.

Fine, at this point, you hopefully learned how to create and destroy an active session. Therefore, let’s move on to the next section and continue exploring a few more handy session functions.

Next: More session functions ahead: finding out the name of active sessions >>
 

More PHP Articles
More By Alejandro Gervasio

Comments On: Introduction to Maintaining the State of Applications with PHP Sessions

· If you're insterested on learning the basics of PHP sessions along with advanced...    · this is the nice article to start with sessions i like it very much and waiting for...    · Thank you for posting your comments regarding this article on PHP sessions. Also,...    · Well put simple and clear. This article is basic and mostly talks about stuff I knew...    · Hello Sig,Thank you for commenting on my PHP article. Of course, I'm glad to...   >>> Post your comment now!