proper way to logout from a session in PHP

php session

From the session_destroy() page in the PHP manual:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

Personally, I do the following:

session_start();
setcookie(session_name(), '', 100);
session_unset();
session_destroy();
$_SESSION = array();

That way, it kills the cookie, destroys all data stored internally, and destroys the current instance of the session information (which is ignored by session_destroy).


Session_unset(); only destroys the session variables. To end the session there is another function called session_destroy(); which also destroys the session .

update :

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that

Related

Links in <select> dropdown options
Removing list of words from a string
Row number per group in mysql
Integrating into Windows Explorer context menu
What is the difference between a slice and an array?
Round number up to the nearest multiple of 3
positional argument follows keyword argument [duplicate]
How do I make an http request using cookies on flutter?
MySQL: What is a reverse version of LIKE?
Get HTTP requests and responses made using HttpWebRequest/HttpWebResponse to show in Fiddler
explicitly cast generic type parameters to any interface
R list of lists to data.frame