1

I am new to php, especially for cookie and session, so if I delete the session or cookie using

session_unset();
session_destroy();
//for session

setcookie("user", "", time() - 3600);
//for cookie

it will :
1) delete the session or cookie for only one specific visitor that have run the code above
2) or delete all the session or cookie for all visitor

From logic, it should be 1, but I just want to ensure that. anyone who explain that would be much appreciated, thank you.

asdzxcyykk
  • 69
  • 2
  • 5

5 Answers5

1

session_start() creates a cookie on the client with the default name of PHPSESSID and an id that quite unique and very hard to guess. It will also resume the session if the cookie has already been created and hasn't been expired yet.

session_regenerate_id() regenerates the session ID and moves over the session data to a new ID set by $SESSION['key'] = 'value'; this is handy with login systems to refresh the session ID on successful login for a defense against session attacks.

session_destroy() removes session data stored on the server for that session id and requests the client to delete that cookie, however to save performance this is done routinely and not immediately.

You are also able to create named sessions, and specifically start and destroy them but usually this is not needed.

You are able to handle session data and store the data in a database if you so prefer.

Community
  • 1
  • 1
Xorifelse
  • 7,878
  • 1
  • 27
  • 38
  • 1
    A side note and often forgotten, using [session_write_close](http://php.net/manual/en/function.session-write-close.php) to prevent concurrent writes. This releases the session lock to be used with simultaneous scripts executing (e.g ajax) using `session`. – dbf May 30 '16 at 17:59
  • @dbf I was, completely unaware of this, so thanks for sharing. I just realized now why `session_start()` returns a boolean. – Xorifelse May 30 '16 at 18:04
  • Your welcome ;) and now you can edit questions without a hassle and review :D – dbf May 30 '16 at 18:09
  • Nou dat valt best mee moet ik zeggen ;) – dbf May 30 '16 at 18:29
0

It is specific to the user. Write some code that involves starting a session and check in your browser and you will see the cookie on your machine. There is a whole documentation section on how PHP handles sessions.

HenryTK
  • 1,287
  • 8
  • 11
0

This code will remove session cookie of personal visitor & remove session file on server.
setcookie(..) will create cookie on this visitor.

Cvetomir
  • 29
  • 4
0

The proper way to set a session is 

$_SESSION['session_name'] = 'value of the session';

session_destroy() will all the sessions.

You also need session_start() at the very top of the code to start any type of php session. Same goes for set cookie and destroy cookie.

The best way to learn php is to first read the book and then you can go digital learning. You can't learn from online, I suggest you get a php book; go through the entire thing then come online write small piece of code and start small files as a test bed.

Paper first, going digital next; it takes some time so give yourself a project to work on. Sorry to get carried away, but that's how I recommend you should do it.

unixmiah
  • 3,081
  • 1
  • 12
  • 26
0

session_destroy(); will delete all sessions stored on the server for this user. If you are looking for a specific session like username use $_SESSION['username'] = $username; to create it. And then unset it using session_unset('username'); Be careful to keep session start at the top of the document.

Niall
  • 804
  • 10
  • 27