session_destroy() doesn't work with PHP >7.0 on server

Question

I'm new to stackoverflow but I'm not new to PHP. Now I've a funny problem:

I'm developing with XAMPP 7.1.11 with PHP 7.1.11 locally, doing logging out from sessions with

$_SESSION = array();
session_destroy();  

in a logout.php file. On top of the page there's a

session_start();

and in past everything went without any problem. Now I did a php version change at the provider from PHP 7.0 to 7.1 and it's not possible to log out any more, the session informations seem not be deleted. I searched the internet but I didn't find a helpful hint and the provider told me to ask some PHP forums.

I tried all hints in the topics

why session_destroy() not working

The session_destroy(); doesn't work correctly on server with php 5.3.21

and many more but nothing is working. A Change from PHP 7.0 to PHP 7.2 at the provider doesn't help as well.

What I'm doing wrong? as I said: locally everything works normally.

Thanks for your help!

Here's the complete logout.php file:

<?php
session_start();
?>
<!-- Import Wordpress -->
<?php 
define('WP_USE_THEMES', false);
require('../wp-load.php'); ?>
<?php get_header(); ?>
<link href="cpplattform.css" type="text/css" rel="stylesheet">
<div class="spacer"></div>
<div class="container">
    <div class="row">
        <div class="<?php if ( is_active_sidebar( 'rightbar' ) ) : ?>col-md-8<?php else : ?>col-md-12<?php endif; ?>">
            <div class="content">                   
                <h2 class="entry-title">Logout</h2>
                <!----------------------------------------------------->                
                <section class = "conf">    
                    <i class='fa fa-power-off fa-5x' style ='color:#00ADED'></i>
                    <br>
                    <br>
                    Your logout was successful! Good Bye!
                    <br>
                    <br>
                    <a class="btn btn-md btn-inverse" href="cplogin.php">Login again</a></p>
                    <?php

                        $_SESSION = array();
                        $_SESSION['username'] = "";                     
                        session_destroy();                      
                    ?>                  
                </section>              
                <!----------------------------------------------------->
            </div><!--content-->
        </div>
    </div>
</div>

<!-- Change all links from Wordpress -->
<script src="cplinkmodify.js"></script>
<?php get_footer(); ?>

I added some static pages and imported a Wordpress theme.

Answer 1

Note: You do not have to call session_destroy() from usual code. Cleanup $_SESSION array rather than destroying session data.

• From the manual

Show us your code page where you set $_SESSION = array(); This should be all you need to do. Check you have set session_start(); on this page:

session_start();
$_SESSION = []; //empty the array. 

--End of file.

If you want to make absolutely sure that it works ok you can try using something like this:

session_start();
$_SESSION = []; //empty array. 
session_write_close(); 

But note any further edits to any session data on this script will not be saved once the script completes.

---

You may also have an issue if your scripts are in different folders and the local php.ini session name is different in these different folders... Different names, different sessions.

Central PHP.ini:

session.name=somethingSessiony

local folder specific PHP.ini

session.name=somethingsessiony

If you feel this may be a factor try something like this:

error_log(__FILE__." : " .print_r(session_name(),true)); 

In both the file that clears the session data and the file that should be reading the "empty" session data.