What is the difference between session_unset() and session_destroy() in PHP?

Question

From the php.net documentation:

session_destroy — Destroys all data registered to a session

session_unset — Free all session variables

My three part question is:

The two functions seem very similar.
What is really the difference between the two?

Both seem to delete all variables registered to a session. Does any of them actually destroy the session itself? If not, how do you accomplish this (destroy the session itself).

Is it correct that neither of the two functions deletes the session cookie at the client?

score 155 · Accepted Answer · answered Nov 30 '10 at 10:20

155

session_unset just clears the $_SESSION variable. It’s equivalent to doing:

$_SESSION = array();

So this does only affect the local $_SESSION variable instance but not the session data in the session storage.

In contrast to that, session_destroy destroys the session data that is stored in the session storage (e.g. the session file in the file system).

Everything else remains unchanged.

answered Nov 30 '10 at 10:20

Gumbo

643,351
109
780
844

@Gumbo Isn't there some problem with session_unset() being deprecated now? I checked this and it didn't work for me. – Navneet Apr 26 '12 at 01:01
@hakre what's the warning? – GoTo Sep 18 '13 at 11:08
4

@GoTo: That session_unset was used to unset global variables registered as sessions variables as it was common in PHP 4. The use of that function as of today is anachronistic and not necessary. The only reason it still is in PHP is probably backwards compatibility and nothing else. If you write new code, you should not use it. If you find it within code, you should remove it together with the calls to session_register() and the rest of the PHP 4 session variables handling functions unless you are explicitly dealing with PHP 4 code. – hakre Sep 18 '13 at 13:33
@hakre I still use it, but as a shorthand for "unset every element of the $_SESSION array". I use it if I find some stale data in the session and then I just want to start over. Also to note that after session_unset you will have an empty array and at the end of the script or on session_write_close() the empty session will be written on disk in the session file. So you will get an empty session file. – GoTo Sep 24 '13 at 21:29
@GoTo: Think twice about the *"unset every element of the $_SESSION array"* case you mention. You most likely do it in error. Either you want to kill the session in the store (e.g. on disk) or you should *not* delete all session variables to not loose session tracking information that belongs there-in. – hakre Sep 25 '13 at 04:57
Not exactly true. When used after session_start(), session_unset() clear all the data connecter with the current session. In contrast session_destroy destroys the session so after this using $_SESSION has non influence on the session data. In this case $_SESSION becomes a local variable – ironbone Apr 09 '14 at 21:22
8

Still it is Confusing : Please describe `local $_SESSION variable instance vs session data in the session storage`. As i know there are 1000 such people like me who didnt get your point. Thanks – Pratik Joshi Jul 13 '15 at 07:12
1

Your answer is too confused. Please consider editing it, because I still think both are destroying session – Pratik Joshi Jul 13 '15 at 17:01
waiting for an answer to the first comment by @pratik – Istiaque Ahmed Sep 11 '17 at 18:47
and what about session_abort() ? – Kiran Maniya Sep 29 '18 at 11:21

score 20 · Answer 2 · edited May 04 '14 at 17:24

20

session_destroy(); is deleting the whole session.

session_unset(); deletes only the variables from session - session still exists. Only data is truncated.

edited May 04 '14 at 17:24

Leandros

16,805
9
69
108

answered Nov 29 '10 at 11:37

Xamael

257
1
9

So it's basically the same difference as DROP and TRUNCATE table in SQL queries, right? – Borjovsky Jan 23 '21 at 19:17

score 17 · Answer 3 · edited Mar 07 '16 at 12:33

17

session_unset();

Just clear all data of all session variable.

session_destroy();

Remove all session.

Example:

session_start();
session_destroy();     
$a = "1234";
$_SESSION[a] = $a;

$_SESSION[a] is NULL.

session_start();
session_unset();     
$a = "1234";
$_SESSION[a] = $a;

$_SESSION[a] is 1234.

So, I will use:

session_start();
session_destroy();   
session_start();  
$a = "1234";
$_SESSION[a] = $a;

edited Mar 07 '16 at 12:33

Thomas Orlita

1,554
14
28

answered Jul 01 '11 at 01:49

SLyHuy

565
6
12

2

in your middle example -> `session_unset();` you are NOT doing anything as you can still use session of `$_SESSION["a"]` , so what is use of it ? – Pratik Joshi Jul 08 '15 at 07:19
1

`$_SESSION[a]` should be `$_SESSION['a'] ` and unlike what you said this is NOT NULL in your first example – Istiaque Ahmed Sep 11 '17 at 18:45

kaushik · Answer 4 · 2015-02-04T06:43:18.637

session_unset() will clear the $_SESSION variable (as in array()), but it won't touch the session file. But when the script ends; the state of the $_SESSION will be written to the file. Then it will clear the file but won't delete it. When you use session_destroy() it won't touch $_SESSION (Use var_dump($_SESSION) after session_destroy()), but will delete the session file, so when script exits there won't be a file to write the state of the $_SESSION.

score 1 · Answer 5 · edited Mar 07 '18 at 02:42

1

I tried to use session_unset($_SESSION['session_name']) thinking it will only unset specific or individual/single session name. But using session_unset($_SESSION['session_name']) will only unset all session name. The right code to use is only unset($_SESSION['session_name']) if you want to unset a single session name.

edited Mar 07 '18 at 02:42

Vasilis G.

7,556
4
19
29

answered Mar 06 '18 at 22:58

Marvin

39
7

score 0 · Answer 6 · edited Dec 18 '17 at 06:26

0

session_destroy() will delete the session after moving the page and session_unset() will delete session when the code is run.

edited Dec 18 '17 at 06:26

HiDeoo

10,353
8
47
47

answered Dec 18 '17 at 06:13

Radian Yusuf Mahendra

1
1

score 0 · Answer 7 · answered Mar 23 '20 at 17:52

session_start(); #it will create an virtual array (associative) in browser realtime memory

two item added

> $_SESSION['me'] = "Yadab";  
> $_SESSION['you'] = "Avi";
>
> print_r($_SESSION); #will give, array( "me"=>"Yadab", "you"=>"Avi" )

test1

> unset($_SESSION['me']); #only 'me' variable is removed fully (index & value) 
> print_r($_SESSION); #now the array is Array("you"=>"Avi")

test2

> session_destroy(); #will unset the values of all session variables, but indexes exists 
> print_r($_SESSION); #Output, Array("you"=>undefined)
> #but some browser can store the value in cookies

test3

> session_unset(); #will unset all the main variables not only the values 
> print_r($_SESSION); #that means session array is now empty, like Array()

test block 1, 2, or 3 at individually by comment out others

score -3 · Answer 8 · answered May 02 '15 at 13:14

-3

I think session_destroy() and session_unset() should be used at the same time to make sure that session data is surely deleted.

answered May 02 '15 at 13:14

Riaj Mahmud Rasel

1

I think means you not sure about the answer.This should be a comment not an answer. – Shaiful Islam May 02 '15 at 13:27
4

`session_unset()` after `session_destroy()` would be pointless. Use `session_unset()` to clear all keys and values from the $_SESSION superglobal, or use `session_destroy()` to delete the whole session; don't use both just to "make sure", trust the function to do its job. – redburn May 07 '15 at 10:03
@redburn `session_destroy()` doesn't unset the sess superglobal var till exit the current page. – Yousha Aleayoub Feb 03 '19 at 19:46

What is the difference between session_unset() and session_destroy() in PHP?

8 Answers8

two item added

test1

test2

test3

test block 1, 2, or 3 at individually by comment out others

Linked

Related