How can I clear my php session data correctly?

Question

My php website flows like this:

• Page1.php has an html form which POSTs to Page2.php
• Page2.php stores all the POST data into SESSION variables and has a button leading to Page3.php
• Page3.php has another form which POSTs its data to Page4.php
• Page4.php then stores all its POST data into SESSION variables

My problem is that it may be nessicary for a user to click the back button on Page4.php to go back to Page3.php and change some input. AS im sure your all aware when they get back to Page3.php the form will be blank as the entire page is re-rendered in its default state.

To get around this and re-display the user's previous input im doing this:

<input value="<?php echo $_POST["guest1Ticket"];?> " type="text"  name="guest1Ticket" id="guest1Ticket" onblur="isTicketNumber(this)"  size ="22"/>

This being the important part - <?php echo $_POST["guest1Ticket"];?>

This works but creates another problem for me. If the user goes back to Page1.php (before colsing their browser) and starts the process over again when they get to Page3.php the data from their last run through will be loaded into the form.

What I figure I need to do is clear all of the sdession variables when the user visists Page1.php. I tried to to that like this:

<?php 
 session_start(); 
 session_unset(); 
 session_destroy(); 
?> 

(The above is at the very top of my file with no whitespace before the first character.)

No Warnings are generated when Page1.php loads but the session variables are not getting unset. When I get to Page3.php the data from the last run is still being entered into the form.

How can I clear my session data correctly?

BTW I only need this to work in Chrome and thats where im testing.

Answer 1

Use session_unset(). Like this:

<?php session_start(); ?><!DOCTYPE html>
<html>
  <body>
    <?php
      $_SESSION["variabletounset"] = "I am going to be unset soon along with all of the other session variables.";
      print '<pre>' . "\n";
      print_r($_SESSION);
      print '    </pre>' . "\n";

      session_unset();

      print '    <pre>' . "\n";
      print_r($_SESSION);
      print '    </pre>' . "\n";
    ?>
  </body>
</html>

This would output:

Array
(
variabletounset => I am going to be unset soon along with all of the other session variables.
)

Array
(
)

Answer 2

Only use session_unset() for older deprecated code that does not use $_SESSION.

see session_destroy manual

example you can try and see how it works

session.php

<?php
session_start();
$_SESSION = array('session1'=>1,'session2'=>2);

echo $_SESSION['session1']; //1
$_SESSION['session1'] = 3;
echo "<pre>";
print_r($_SESSION); //session one now updated to 3
echo "</pre>";


$_SESSION = array();
if ($_SESSION['session1']) {
 echo $_SESSION['session1']; //  IS NOW EMPTY
} else {
 echo "woops... nothing found";
}
?>
<p>
<a href="destroyed.php">NOW GOING TO DESTROYED PHP<a/>
</p>

<?php
session_destroy();
?>

destroyed.php

<?php
session_start(); // calling session start first on destroyed.php

print_r($_SESSION); // prints Array ( )  
?>

Answer 3

From the documentation:

If $_SESSION (or $HTTP_SESSION_VARS for PHP 4.0.6 or less) is used,
use unset() to unregister a session variable, i.e. unset ($_SESSION['varname']);

And take care about session_destroy:

session_destroy destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session