Code below:
$_SESSION = array();
Will it clear all session data? If I wouldn't want to use session_destory().
Yup, it will destroy all session data but not the session itself.
Basically, there's three elements to a session:
The session itself, initialized with session_start()
The session cookie which is set automatically
Session data which is set via $_SESSION['foo'] = 'bar'
So you are only destroying the session data. session_destroy() destroys both the data and the session itself, but does not remove the session cookie.
The only "real" difference between $_SESSION = array() and session_destroy() is that after session_destroy(), setting session data will not work anymore before initializing a new session.
Yes, setting $_SESSION to a blank array will essentially unset all existing array keys.
Related
I've learnt that
session_unset() removes all session variables which means it just clears the $_SESSION variable and it’s equivalent to doing:
$_SESSION = array();
This does only affect the local $_SESSION variable instance/s.
session_destroy() destroys the session data that is stored in the session storage.
My question are as below :
Does session mean the $_SESSION super global variable?
When session_destroy() will be called will the super global variable $_SESSION also get destroyed and becomes unaccessible?
If the super global variable $_SESSION doesn't become unaccessible even after calling session_destroy() then what it actually destroys when the session variable instances have already been destroyed by session_unset() ?
Thanks.
session_unset() does not destroy the session, session_unset should be used on a single session variable.
session_unset($_SESSION['user_id']);
Does session mean the $_SESSION super global variable?
According to php docs do not use session_unset on the global variable [http://php.net/manual/en/function.session-unset.php][1]
Do NOT unset the whole $_SESSION with unset($_SESSION) as this will
disable the registering of session variables through the $_SESSION
superglobal.
When session_destroy() will be called will the super global variable $_SESSION also get destroyed and becomes unaccessible?
No it does not become unaccessible. After destroying a session with session_destroy() you can use session_start() to create a new session.
If the super global variable $_SESSION doesn't become unaccessible even after calling session_destroy() then what it actually destroys when the session variable instances have already been destroyed by session_unset() ?
calling session_unset should be used to remove individual session variables, not to destroy your session. After using session_unset the session is still active, you can see from my test below:
<?php
// This prints "Active"
session_start();
$_SESSION['user_id'] = 1000;
session_unset($_SESSION['user_id']);
if(session_status()==2)
echo "Active \n";
To destroy a session in php, I don't recommend trying to use session_unset. I do:
// hijack then destroy
$session_id = session_id();
session_id($session_id);
session_start();
session_destroy();
session_commit();
When starting a session, a session ID will be generated and saved as a cookie.
session_destroy() will remove the array of $_SESSION and thus do the same as session_unset(), but in addition it also destroys the session ID. The cookie will be cleared.
From this point, you can only access the $_SESSION variable again after starting the session with session_start().
I have a PHP script that uses session_decode to get the session variables of customer's session (from session stored file).
The problem is that whenever I call the script and it reads the session variables, it also add them to my own session. Is there a way to avoid this or maybe use a better method to get the customer's session information without using session_decode?
Thanks
I think I have found the simplest solution/workaround:
<?php
// if session is not started
session_start();
// store our current session
$my_sess = $_SESSION;
// decode $data (the encoded session data, either from a file or database). Remember, decoded data is put directly into $_SESSION
session_decode($data);
$data = $_SESSION;
print_r($data);
// restore our own session
$_SESSION = $my_sess;
?>
I am using php for server side. How do you destroy one session without destroying another session. Let me explain. I created a form where instead of using regular variables I'm using session variables. When the form is submitted I was using a session_destroy() at the end of the post so to clear the page but it also logs me out destroying the log in session. How could I just destroy the forms session variables without destroying the log in session. Sorry for being real noobish.
to avoid many session unset() you may use like this.
<?php
$_session["form_values"]["data1"]=form data1;
$_session["form_values"]["data2"]=form data2;
$_session["form_values"]["data2"]=form data3;
?>
after saved the value, just unset like this.
<?php
unset($_session["form_values"]);
?>
Hope this saves you.
session_destroy() destroys all of the data associated with the current session.
What you need is unset to clear any specific session with specifying it's key like:
unset($_SESSION['your_vars']);
Reference.
You can remove session variables like any other PHP variable:
unset($_SESSION['whatever']);
The function session_destroy() will remove the session completely.
session_destroy() destroys all of the data associated with the current
session. It does not unset any of the global variables associated with
the session, or unset the session cookie. To use the session variables
again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the
session id must also be unset. If a cookie is used to propagate the
session id (default behavior), then the session cookie must be
deleted. setcookie() may be used for that.
use unset($_SESSION['session_var']);
unset() destroys the specified variables.
The behavior of unset() inside of a function can vary depending on
what type of variable you are attempting to destroy.
If a globalized variable is unset() inside of a function, only the
local variable is destroyed. The variable in the calling environment
will retain the same value as before unset() was called.
you can use
unset($_SESSION['var']);
you can simply use unset to clear a specific session
unset($_SESSION['session name here']);
I have a session like this: $_SESSION['mycatalogue']['user']
When I unset, I do this: unset($_SESSION['mycatalogue'])
What I want to know is, are all of the following meant to do the same thing:
unset($_SESSION['mycatalogue'])
unset($_SESSION['mycatalogue']['user'])
$_SESSION['mycatalogue']['user'] = ""
So when I am unsetting a session or assigning NULL to it, it still keeps the arrays in memory?
First you need to clear about session concept. Your session is this $_SESSION['mycatalogue']. ['user'] is a index in your session names as mycatalogue.
If you want to unset a particular index from your session then use like
unset($_SESSION['mycatalogue']['user'])
It is as same as you unset an index of array.
$_SESSION['mycatalogue']['user'] = ""
will not unset your index user in your session. It will just set it as empty.
unset($_SESSION['mycatalogue'])
will unset your all session named as mycatalogue.
session_destroy will unset your all data related to current session but not unset any global variable
Unset will destroy a particular session variable whereas session_destroy() will destroy all the session data for that user.
It really depends on your application as to which one you should use. Just keep the above in mind.
unset($_SESSION['name']); // will delete just the name data
session_destroy(); // will delete ALL data associated with that user.
When I log a user out of an app I am building I use session_destroy();
But when I go back to the page, all session variables are still set.
How can I completely destroy all session variables and ultimately require a user to log back in again?
Here is my code:
session_unset(); // clears all session variables
$_SESSION = array();
session_destroy(); // deletes session id
Thanks
After using session_destroy(), the session cookie is removed and the session is no longer stored on the server. The values in $_SESSION may still be available, but they will not be on the next page load.
If you need to clear the values of $_SESSION, set the array equal to an empty array:
Of course, you can't access the values of $_SESSION on another page once you call session_destroy, so it doesn't matter that much.Still if you are concerned .
Try the following:
session_destroy();
$_SESSION = array(); // Clears the $_SESSION variable
you are not calling session_destroy() for sure, your code may be unable to access it.
Post more code so we could help you