[PHP 4, PHP 5, PHP 7, PHP 8]
session_destroy — Destroys all data registered to a session
Description
session_destroy[]: bool
session_destroy[] destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start[] has to be called.
Note: You do not have to call session_destroy[] from usual code. Cleanup $_SESSION array rather than destroying session data.
In order to kill the session altogether, the session ID must also be unset. If a cookie is used to propagate the session ID [default behavior], then the session cookie must be deleted. setcookie[] may be used for that.
When session.use_strict_mode is enabled. You do not have to remove obsolete session ID cookie because session module will not accept session ID cookie when there is no data associated to the session ID and set new session ID cookie. Enabling session.use_strict_mode is recommended for all sites.
Warning
Immediate session deletion may cause unwanted results. When there is concurrent requests, other connections may see sudden session data loss. e.g. Requests from JavaScript and/or requests from URL links.
Although current session module does not accept empty session ID cookie, but immediate session deletion may result in empty session ID cookie due to client[browser] side race condition. This will result that the client creates many session ID needlessly.
To avoid these, you must set deletion time-stamp to $_SESSION and reject access while later. Or make sure your application does not have concurrent requests. This applies to session_regenerate_id[] also.
Parameters
This function has no parameters.
Return Values
Returns true on success or false on failure.
Examples
Example #1 Destroying a session with $_SESSION
See Also
- session.use_strict_mode
- session_reset[] - Re-initialize session array with original values
- session_regenerate_id[] - Update the current session id with a newly generated one
- unset[] - Unset a given variable
- setcookie[] - Send a cookie
Praveen V ¶
10 years ago
If you want to change the session id on each log in, make sure to use session_regenerate_id[true] during the log in process.
[Edited by moderator [googleguy at php dot net]]
Jack Luo ¶
8 years ago
It took me a while to figure out how to destroy a particular session in php. Note I'm not sure if solution provided below is perfect but it seems work for me. Please feel free to post any easier way to destroy a particular session. Because it's quite useful for functionality of force an user offline.
1. If you're using db or memcached to manage session, you can always delete that session entry directly from db or memcached.
2. Using generic php session methods to delete a particular session[by session id].
JBH ¶
5 years ago
I'm using PHP 7.1 and received the following warning when implementing Example #1, above:
PHP message: PHP Warning: session_destroy[]: Trying to destroy uninitialized session in...
What I discovered is that clearing $_SESSION and removing the cookie destroys the session, hence the warning. To avoid the warning while still keeping the value of using session_destroy[], do this after everything else:
if [session_status[] == PHP_SESSION_ACTIVE] { session_destroy[]; }
greald at gmail dot com ¶
1 year ago
All of a sudden neither session_destroy[] nor $_SESSION=[] were sufficient to log out. I found the next to work: