getting session variable even after session destroy

Question

I am newbie in php. I can not under stand a thing that session variable is outputting even after session_destroy() and session_unset().Here is my simple code for test

`session_start();
 SESSION['name']='sovon';
 session_destroy();
 session_unset($_SESSION['name']);
 echo $_SESSION['name'];

`

The output is 'sovon'. My question what is session_destroy() and session_unset() doing here and whats the difference between them? Oh! when I am deleting session_destroy() that variable is getting unset. why?

possible duplicate of [Truly destroying a PHP Session?](http://stackoverflow.com/questions/508959/truly-destroying-a-php-session) — tlenss, Apr 11 '14 at 15:29
use `$_SESSION = null;` besides that, this has no use case, starting and destroying session in the same request — Daniel W., Apr 11 '14 at 15:31
I have found an answer on my own.when i am write Session_destroy() to another php file and echo that variable then its not outputting but in the same page its outputting.Any explanation why this is happening? — faisal ahmed, Apr 11 '14 at 16:55

score 1 · Accepted Answer · answered Apr 11 '14 at 16:50

1

I got it faisal, session_distroy is destroying session if its created in other pages. If the session variable created on the same page then it will be remain. The best practice is to null the session variable after session distroY $_SESSION = NULL;

Like I am using in logout,

session_start();
session_distory();
$_SESSION = NULL;
header('Location: Login.php');

I think this help you.

answered Apr 11 '14 at 16:50

user3477550

74
7

this answer is full of typos – Pablo Pazos Aug 12 '21 at 20:25

René Höhle · Answer 2 · 2014-04-11T15:40:36.660

0

Perhaps its easier if you read the php manual.

session_destroy()

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

So if you want to unset the data inside. You have to unset it.

unset($_SESSION);

Session unset...

session_unset()

deletes all variables and leave session_id. But session_unset has no parameters.

What you search is

unset($_SESSION['name']);

edited Apr 11 '14 at 15:40

answered Apr 11 '14 at 15:29

René Höhle

26,716
22
73
82

if session_destroy() destroys the complete session why the variable outputting the value after destroy? – faisal ahmed Apr 11 '14 at 15:37
`unset($_SESSION)` disables the session feature for the remainder of the request. Don't do that. – Aditya M P Apr 11 '14 at 15:51

score 0 · Answer 3 · answered Jul 20 '22 at 08:36

The following works perfectly in all browsers to kill and destroy and unset all session info. Perfect to put it in sign-out file.

<?php
    session_start();
    session_unset();
    session_destroy();
    session_write_close();
    setcookie(session_name(),'',0,'/');
    session_regenerate_id(true);
?>

getting session variable even after session destroy

3 Answers3