session not destroying

Question

designalex 0 Light Poster

13 Years Ago

Hi, its me again.:scared:

im using the following code to destroy my session but instead of removing the session, it just empties the data, for e.g:
when i start the session a file is created, after storing my data in the session the file could be 2 or 3 kb in size, after i logout the same session file is still there but it its 0kb in size

elseif($_GET['instruction'] = "logout")
{	
	//session_regenerate_id();
	session_start();
	session_destroy();
	
	header("location: ../index.php");
}

please note: i am using session.save_path to change the folder of my session files.

if you can also guide me regarding the following:

1. session_regenerate_id(), do i use it before or after i call session_start on all pages

2. if i use session_destroy does it also delete the cookie on the clients machine?

php session

2 Contributors
1 Reply
205 Views
10 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by SRocks

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

SRocks 0 Newbie Poster · Answer 1 · 2011-05-03T06:08:16+00:00

Try d following snippet...
<?php
// you have to open the session first
session_start();

//remove all the variables in the session
session_unset();

// destroy the session
session_destroy();
?>
" session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that. "
You should use session_regenerate_id() after your call to session_start

Cookie on client's machine contains the session id and that session id is used to identify the session data associated with the user stored on d server.

session_destroy does not delete the cookie unless you do so using setcookie method..