Unset() and session_destroy();

Question

<?php session_start();
if(isset($_SESSION["user_name"]))
if($_GET["destroy"]=="yes")
{
unset($_SESSION["user_name"]);
session_destroy();
}

if(!isset($_SESSION["user_name"]) &&
$_GET["user"]!="")
$_SESSION["user_name"] = $_GET["user"];

?>
<html>
<head>
<title>Session Example</title>
</head>
<body>
Welcome <?php echo $_SESSION["user_name"]; ?>
<form action="#">
Input your name here: <input type=text name=user>
<input type=submit value=Submit>
</form>

<form action="#">
<input type=hidden value=yes name=destroy>
<input type=submit value="Destroy Previous Session">
</form>
</body>

</html>

on the above,there are two lines "unset($SESSION["username"]); session_destroy();" when i deleted "session_destroy();" the dispay is the same as have it. is it unnecessary ?who can explain this ,any tips would be appreciated.

Answer 1

session_destroy() destroys all of the data associated with the current session

unset destroys the specific session cookie

but php.net tells about session_destroy():

Note: You do not have to call session_destroy() from usual code. Cleanup $_SESSION array rather than destroying session data.

In order to kill the session altogether, the session ID must also be unset. If a cookie is used to propagate the session ID (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Answer 2

My understanding is that if you use session_destroy() you don't have to unset the session file above. Session_destroy() unsets all the data from session,including $_SESSION['username'].

https://www.php.net/manual/en/function.session-destroy.php

To me it looks that if the session value still gets echoed, than the condition:

if(!isset($_SESSION["user_name"]) && $_GET["user"]!="")

has not been met. It's hard to evaluate it based on the code above.

Answer 3

unset() destroys the specified variables.

session_destroy() destroys all of the data associated with the current session

For more details Unset and session_destroy()