Can't end PHP session

Question

ok so I have the following code that echos some session variables that I set already.(They echo like intended.)

(index.php)

<?php session_start();?>
Username: <?php echo $_SESSION['username']; ?><br>
Password(encrypted): <?php echo $_SESSION['password']; ?><br>
ThemeColor: <?php echo $_SESSION['themecolor']; ?><br>

And I have this code which I try to end the session with, but when I run the code above, the variables still echo out, so the session is still active

(logout.php)

<?php
session_start();
session_unset();
session_destroy();
?>

Can you tell me what I'm doing wrong?

Perhaps the session fields are being re-populated each time to echo them? — Flosculus, Jan 03 '14 at 14:21
here's a good answer: http://stackoverflow.com/questions/508959/truly-destroying-a-php-session — m79lkm, Jan 03 '14 at 14:23

score 2 · Answer 1 · answered Jan 03 '14 at 14:25

Straight from the PHP documentation:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

Linking to and including a snippet from the documentation is more helpful than an isolated snippet from the documentation, in my opinion. I could just post a link on its own but that is not good SO practice - self-contained answers are. A bit of an unfair downvote. — Josh Harrison, Jan 03 '14 at 14:29

score 1 · Answer 2 · edited May 23 '17 at 12:28

Keep your existing snippet and try adding the following snippet:

// Clear all values of the $_SESSION array by creating a new one
$_SESSION = array();

// If your session is setup to use cookies, expire the cookie
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

The above snippet was borrowed from it's original answer here. All credit goes to the original author Pekka.

ImmortalPC · Answer 3 · 2014-01-03T14:27:25.550

0

A session use cookie, so you need to destroy this cookie:

    function destroySession()
    {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $params['path'], $params['domain'],
            $params['secure'], $params['httponly']
        );
        session_destroy();
        unset($_SESSION);
    }

edited Jan 03 '14 at 14:27

answered Jan 03 '14 at 14:22

ImmortalPC

1,650
1
13
17

score 0 · Answer 4 · answered Jan 03 '14 at 14:24

0

After using session_destroy(), the session cookie is removed and the session is no longer stored on the server. The values in $_SESSION may still be available, but they will not be on the next page load.

answered Jan 03 '14 at 14:24

bthall

56
4

This is correct apart from the bit about the cookie. From the session_destroy docs: `It does not unset any of the global variables associated with the session, or unset the session cookie.` – Jim Jan 03 '14 at 15:01

Can't end PHP session

4 Answers4