-1
function killsession()
{
  //  global $_SESSION;
    $_SESSION = array();
    if (session_id() != "" || isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 42000, '/');
    }
    session_unset();
    session_destroy();
    header("Location: "index");

}

Any ideas why $_SESSION['userid'] still stands after I run this function? I literally stay logged in.

Session name and start() is set at the top of every page.

domino
  • 1
    No need for `global $_SESSION;`, it's global by default. – Niko Jun 14 '12 at 22:16
  • 1
    @Niko realized that shortly after posting. Why am I getting downvoted? That wasn't the solution btw. – domino Jun 14 '12 at 22:17
  • why declaring $_SESSION as array? a session is destroyed by simply calling session_destroy() – Gntem Jun 14 '12 at 22:21
  • possible duplicate of [Best way to completely destroy a session - even if the browser is not closed](http://stackoverflow.com/questions/3948230/best-way-to-completely-destroy-a-session-even-if-the-browser-is-not-closed) – Zuul Jun 14 '12 at 22:21
  • @GeoPhoenix It should clear all the data. session_destroy doesn't seem to be working for me. – domino Jun 14 '12 at 22:24
  • It seems to be working outside the function.. – domino Jun 14 '12 at 22:26
  • @domino That `header()` call isn't really valid in your example - is it in your actual code? Because an HTTP request is required to delete the cookie. – Niko Jun 14 '12 at 22:26

2 Answers

2

As found on the PHP session_destroy() manual:

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Example directly from PHP Manual:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

Applying this example to your function:

function killsession()
{
  // start the session, if started before, comment
  session_start();

  // Unset all of the session variables. 
  $_SESSION = array();

  // destroy the session, and not just the session data!
  if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
  }

  // destroy the session.
  session_destroy();

  // direct user
  header("Location: index.php");
}

Consider these two session variables:

$_SESSION['userid']=25;
$_SESSION['userName']='Super BuBu';

The output for print_r($_SESSION);, will be:

Array ( [userid] => 25 [userName] => Super BuBu )

After calling the killsession() function, the output will be:

Array ( );

See this working example. Errors are supposed to appear in this environment due to previous outputs and headers being performed by the print_r and session interactions.

Zuul
  • @domino, don't know if you followed the link provided in the question comment, but here you have the `killsession()` function adapted to destroy all the session data and cookies. ohh, it is tested! :) – Zuul Jun 14 '12 at 23:15
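An added example, not part of either answer or the PHP manual: the logout routine from the answer above with a guard for a session that is already started, plus a check that replays the old session ID to confirm the server-side data is gone. The session name `APPSESS`, the helper `session_survives_logout()` and the temp-directory save path are assumptions made for the demonstration, which is meant to be run from the PHP CLI.

```php
<?php
// Added example, not code from the thread or the PHP manual.
// Assumptions: PHP CLI, PHP 5.4+ (session_status), writable temp directory.

function kill_session()
{
    // session_destroy() only works on an active session, so start one if the
    // caller has not. A custom session_name() must be set before this point.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $_SESSION = array();                  // clear the copy held in this request

    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the attributes it was issued with; a different
        // path or domain would leave the browser's cookie untouched.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    session_destroy();                    // delete the server-side record
}

// Hypothetical helper: returns true if the login data is still readable under
// the old session ID after kill_session() has run.
function session_survives_logout()
{
    session_save_path(sys_get_temp_dir());
    session_name('APPSESS');              // constructed sample name
    session_start();
    $_SESSION['userid'] = 25;             // constructed sample login state
    $oldId = session_id();
    session_write_close();                // end of the "login" request

    kill_session();                       // the "logout" request

    session_id($oldId);                   // replay the stale ID
    session_start();
    $alive = isset($_SESSION['userid']);
    session_destroy();
    return $alive;
}

var_dump(session_survives_logout());
```

In a web request, send the `Location` header and call `exit` right after `kill_session()` so the rest of the script does not keep running with the cleared session.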
0

Try just

 function killsession() {
     unset($_SESSION['userid']);
     session_destroy();
     header("Location: index");

 }
Damien Pirsy
ivandcl