Use of session_destroy() instead of unset($_SESSION['userName']) not working

Question

I have used session_destroy in MVC pattern. If I click logout link, it will redirect correct url but page disappears. It is displaying the below error in Firefox.

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies."

This is the function I'm using for logout.

Logout function:(Not working)

    public function Logout(){
    session_destroy();
    $this->redirect('index.php?r=admin/login');
    }

I have unset($_SESSION['userName']) the session variable. It is working fine. But session_destroy is not working in that place. What is the reason for that?

Logout function:(working)

public function Logout(){
unset($_SESSION['userName']);
$this->redirect('index.php?r=admin/login');
}

possible duplicate of [why session\_destroy() not working](http://stackoverflow.com/questions/6472123/why-session-destroy-not-working) — Bart, May 27 '14 at 11:52

score 0 · Answer 1 · edited May 23 '17 at 11:51

0

you can use another way to remove session like:-

$_SESSION = array(); // define it with empty array and clear the session values

or use start the session again and then destroy

session_start();
session_destroy();

For more :- why session_destroy() not working

and for better understanding you can read @Chen Asraf answer

edited May 23 '17 at 11:51

Community

1
1

answered May 27 '14 at 11:52

Rakesh Sharma

13,680
5
37
44

have you checked session vars on other page after destroy? or try to print on same page after destroy – Rakesh Sharma May 27 '14 at 12:00
or may be you have any check in code on that page that causing redirecting problem – Rakesh Sharma May 27 '14 at 12:02

score 0 · Answer 2 · edited Jun 20 '20 at 09:12

From the PHP documentation of session_destroy:

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

So in order to truly get rid of the session, you also have to unset or override the $_SESSION superglobal, like you did before.

Use of session_destroy() instead of unset($_SESSION['userName']) not working

2 Answers2