PHP Session Logout

Question

Why do people do this?

session_start();
unset($_SESSION['session']);
session_destroy();

Why do people do session_start, than unset, then destroy?

Answer 1

session_start() resumes the current active session. By doing this you can access your session variables.

unset($_SESSION['session']); unset() destroys the specified variables.

session_destroy(); destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

for more details goto http://php.net/manual/en/function.session-destroy.php

Or you can search

Answer 2

These tree steps explained:

1. Session_start(); -> initialize session or resumes one if you already have one.

2. Unset($_SESSION); -> you need to be sure that the session array won't exist once you destroy your session even in memory. You can go direct to session_destroy(); and go on, but the loaded array stills there.

3. Session_destroy(); -> to destroy session by removing cookies from the client.

Answer 3

In order to destroy the currently active session, you need to start the session first. That's because session_start() resumes the currently active session. You need access to that because you want to know which session you are unsetting.

You might like to take a look at this line from the manual:

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

Reference: PHP Manual - session_unset()