Reputation: 5012
While browsing through various user logout functions in PHP, I always come across session_destroy() to remove session variables for a particular user, but they don't use setCookie() to remove the user's PHP SESSIONID.
The PHP Documentation clearly states:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
I tried tracking the cookie in Firefox, and using session_destroy() continues to keep the cookie of PHP SESSIONID; the next time the user logs in, the same SESSIONID is used.
Isn't it always safe to remove the session ID cookie from the user's machine after he has logged out, and also what would happen if I fail to delete the SessionID cookie?
Upvotes: 2
Views: 339
Reputation: 19879
This should work:
session_regenerate_id ( true );
Description of function:
session_regenerate_id — Update the current session id with a newly generated one. Its only parameter, which is false by default: delete_old_session - Whether to delete the old associated session file or not.
Upvotes: 0
Reputation: 2408
Simply do this:
$_SESSION = array();
That way the session is empty.
There is no need for (nor added security in) destroying it the way you are trying to.
Upvotes: 2
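The full logout sequence described in the PHP documentation passage quoted in the question, together with the ID regeneration at login mentioned in the first answer, as an added example that is not from any of the posts above. The names logout_user() and on_login_success() are hypothetical, and PHP 7.3 or later is assumed for the options-array form of setcookie().

```php
<?php
declare(strict_types=1);

// Hypothetical helper: end the current session on the server and in the browser.
function logout_user(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();               // attach to the session named by the cookie
    }

    $_SESSION = [];                    // drop the data held in memory for this request

    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the same attributes it was set with; a cookie
        // sent with a different path or domain does not replace the original.
        $p = session_get_cookie_params();
        $options = [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ];
        if (!empty($p['samesite'])) {  // key exists since PHP 7.3, may be empty
            $options['samesite'] = $p['samesite'];
        }
        setcookie(session_name(), '', $options);
    }

    session_destroy();                 // remove the server-side session data
}

// Hypothetical helper: call only after the credentials have been verified.
function on_login_success(int $userId): void
{
    // Issue a fresh ID and delete the old session data, so an ID that was
    // still in the browser before login is not carried into the new session.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}
```

logout_user() has to run before any output is sent, because setcookie() works by emitting a response header.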