I am reading this.
session_destroy() destroys all of the data associated with the current session.
Clears session data in the persistent storage. I get this.
It does not unset any of the global variables associated with the session, or unset the session cookie.
The session variables are still in memory. I get this too.
To use the session variables again, session_start() has to be called.
This is what I don't get! The session variables are still in memory. I can keep using it. Why do they specifically point out to call session_start() to use the variables again.
For example consider the following code -
session_start();
$_SESSION['first_name'] = "Foo";
$_SESSION['last_name'] = "Bar";
session_destroy();
echo $_SESSION['first_name'] . "<br>"; // I am able to do this, since the session data is still in memory. But I didn't need to call session_start(). So why does the documentation mention it?
It is because the $_SESSION array still exists/has been declared when session_start() is called. So if you want to re-create the array again calling session_start is the only way to do it.
If you made a second request after the destroy and did not call session_start you would find the $_SESSION array to be empty.
Related
I'm a noob programmer so I apologies in advance for any obvious mistakes. I've spent the past week creating a product database kinda thing. I've got too the point where I can add products using a form, view all products added etc. I've being using sessions which are created via the form input data. I'm struggling to include get a delete product page working, I've tried using unset to clear the variable but can't get it too work.
ADD Product page which sets the session variable:
$_SESSION['Products'][] = $_POST; //is how i set the session on the add products page.
unset $_SESSION['Products'][]; //is how i have tried to clear the session although it does not work.
Any point in the right direction will be appreciated!
You can unset session variable using:
session_unset - Frees all session variables (It is equal to using: $_SESSION = array(); for older deprecated code)
unset($_SESSION['Products']); - Unset only Products index in session variable. (Remember: You have to use like a function, not as you used)
session_destroy — Destroys all data registered to a session
To know the difference between using session_unset and session_destroy, read this SO answer. That helps.
I am including this answer in case someone comes to this page for the same reason I did. I just wasted an embarrassing amount of time trying to track the problem down. I was calling:
unset($_SESSION['myVar']);
from a logout script. Then navigating to a page that required login, and the server still thought I was logged in. The problem was that the logout script was not calling:
session_start();
Unsetting a session var DOES NOT WORK unless you start the session first.
Unset is a function. Therefore you have to submit which variable has to be destroyed.
unset($var);
In your case
unset ($_SESSION["products"]);
If you need to reset whole session variable just call
session_destroy ();
If you completely want to clear the session you can use this:
session_unset();
session_destroy();
Actually both are not neccessary but it does not hurt.
If you want to clear only a specific part I think you need this:
unset($_SESSION['Products']);
//or
$_SESSION['Products'] = "";
depending on what you need.
unset is a function, not an operator. Use it like unset($_SESSION['key']); to unset that session key. You can, however, use session_destroy(); as well. (Make sure to start the session with session_start(); as well)
Destroying a PHP Session
A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.
Here is the example to unset a single variable
<?php unset($_SESSION['counter']); ?>
Here is the call which will destroy all the session variables
<?php session_destroy(); ?>
// set
$_SESSION['test'] = 1;
// destroy
unset($_SESSION['test']);
$_SESSION['Poducts'] = 1; // set
unset($_SESSION['Products']); //unset
All the answer about unset are correct but one thing is needed to be corrected. If you did not use session_start() the unset() will never work. I recommend doing it this way
session_start();
unset($_SESSION['productID']);
I'm a noob programmer so I apologies in advance for any obvious mistakes. I've spent the past week creating a product database kinda thing. I've got too the point where I can add products using a form, view all products added etc. I've being using sessions which are created via the form input data. I'm struggling to include get a delete product page working, I've tried using unset to clear the variable but can't get it too work.
ADD Product page which sets the session variable:
$_SESSION['Products'][] = $_POST; //is how i set the session on the add products page.
unset $_SESSION['Products'][]; //is how i have tried to clear the session although it does not work.
Any point in the right direction will be appreciated!
You can unset session variable using:
session_unset - Frees all session variables (It is equal to using: $_SESSION = array(); for older deprecated code)
unset($_SESSION['Products']); - Unset only Products index in session variable. (Remember: You have to use like a function, not as you used)
session_destroy — Destroys all data registered to a session
To know the difference between using session_unset and session_destroy, read this SO answer. That helps.
I am including this answer in case someone comes to this page for the same reason I did. I just wasted an embarrassing amount of time trying to track the problem down. I was calling:
unset($_SESSION['myVar']);
from a logout script. Then navigating to a page that required login, and the server still thought I was logged in. The problem was that the logout script was not calling:
session_start();
Unsetting a session var DOES NOT WORK unless you start the session first.
Unset is a function. Therefore you have to submit which variable has to be destroyed.
unset($var);
In your case
unset ($_SESSION["products"]);
If you need to reset whole session variable just call
session_destroy ();
If you completely want to clear the session you can use this:
session_unset();
session_destroy();
Actually both are not neccessary but it does not hurt.
If you want to clear only a specific part I think you need this:
unset($_SESSION['Products']);
//or
$_SESSION['Products'] = "";
depending on what you need.
unset is a function, not an operator. Use it like unset($_SESSION['key']); to unset that session key. You can, however, use session_destroy(); as well. (Make sure to start the session with session_start(); as well)
Destroying a PHP Session
A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.
Here is the example to unset a single variable
<?php unset($_SESSION['counter']); ?>
Here is the call which will destroy all the session variables
<?php session_destroy(); ?>
// set
$_SESSION['test'] = 1;
// destroy
unset($_SESSION['test']);
$_SESSION['Poducts'] = 1; // set
unset($_SESSION['Products']); //unset
All the answer about unset are correct but one thing is needed to be corrected. If you did not use session_start() the unset() will never work. I recommend doing it this way
session_start();
unset($_SESSION['productID']);
I am using php for server side. How do you destroy one session without destroying another session. Let me explain. I created a form where instead of using regular variables I'm using session variables. When the form is submitted I was using a session_destroy() at the end of the post so to clear the page but it also logs me out destroying the log in session. How could I just destroy the forms session variables without destroying the log in session. Sorry for being real noobish.
to avoid many session unset() you may use like this.
<?php
$_session["form_values"]["data1"]=form data1;
$_session["form_values"]["data2"]=form data2;
$_session["form_values"]["data2"]=form data3;
?>
after saved the value, just unset like this.
<?php
unset($_session["form_values"]);
?>
Hope this saves you.
session_destroy() destroys all of the data associated with the current session.
What you need is unset to clear any specific session with specifying it's key like:
unset($_SESSION['your_vars']);
Reference.
You can remove session variables like any other PHP variable:
unset($_SESSION['whatever']);
The function session_destroy() will remove the session completely.
session_destroy() destroys all of the data associated with the current
session. It does not unset any of the global variables associated with
the session, or unset the session cookie. To use the session variables
again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the
session id must also be unset. If a cookie is used to propagate the
session id (default behavior), then the session cookie must be
deleted. setcookie() may be used for that.
use unset($_SESSION['session_var']);
unset() destroys the specified variables.
The behavior of unset() inside of a function can vary depending on
what type of variable you are attempting to destroy.
If a globalized variable is unset() inside of a function, only the
local variable is destroyed. The variable in the calling environment
will retain the same value as before unset() was called.
you can use
unset($_SESSION['var']);
you can simply use unset to clear a specific session
unset($_SESSION['session name here']);
When I log a user out of an app I am building I use session_destroy();
But when I go back to the page, all session variables are still set.
How can I completely destroy all session variables and ultimately require a user to log back in again?
Here is my code:
session_unset(); // clears all session variables
$_SESSION = array();
session_destroy(); // deletes session id
Thanks
After using session_destroy(), the session cookie is removed and the session is no longer stored on the server. The values in $_SESSION may still be available, but they will not be on the next page load.
If you need to clear the values of $_SESSION, set the array equal to an empty array:
Of course, you can't access the values of $_SESSION on another page once you call session_destroy, so it doesn't matter that much.Still if you are concerned .
Try the following:
session_destroy();
$_SESSION = array(); // Clears the $_SESSION variable
you are not calling session_destroy() for sure, your code may be unable to access it.
Post more code so we could help you
I have a situation where I've started a session with:
session_id( $consistent_session_name_for_user );
session_start();
$_SESSION['key'] = $value;
but then later I decide I don't actually want to "commit" (write) this session. PHP doesn't seem to have any kind of session_abort_write() function. I don't want to destroy the session variables from prior script runs, so I can't use session_destroy()
I tried session_id(""), but that call fails. I could "redirect" the session so it writes to another session, like session_id("trash"), but that would cause a lot of PHP (Apache) connections to try to write to the same session "file", which I want to avoid.
I'm highly simplifying the problem here, we're actually storing sessions in Memcached and this is a complex codebase. So I don't want to be sending unnecessary "trash" sessions to the Memcached server all the time.
From PHP.net,
session_regenerate_id
will replace the current session id with a new one, and keep the
current session information.
session_unset will free all registered variables
session_unregister ( string $name ) will unregister a specific variable
I haven't actually determined if this method prevents writing the session to the session store, but here's the solution I finally used:
session_id( 'trash' ); // or call session_regenerate_id() as someone else suggested
$_SESSION = array(); // clear the session variables for 'trash'.
I'm hoping this has the effect that nothing will get written, but I'm guessing it still will write a blank file, because PHP can't know that sess_trash isn't already there.
If you want to completely avoid writing the session, you'll have to use a custom session handler in PHP and set a global flag to prevent writing the session.
You could probably use something with session_set_save_handler to put dummy functions in for session handling.
<?php
function fakeIt() {
return true;
}
session_set_save_handler("fakeIt", "fakeIt", "fakeIt", "fakeIt", "fakeIt", "fakeIt");
There is session_write_close(). It dumps out the session array to storage and then "closes" it - $_SESSION will still be available and read/writeable, but any changes will no longer be saved, unless you do a session_start() again later on within the script.