Why is PHP session_destroy() not working?

Question

I tried to destroy all session variable by using the session_destroy() method, but after using this method, the values are not destroyed.

Why is session_destroy() not working?

Is there any other way to destroy the session in PHP?

if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) 
{   
    session_destroy();   
    session_unset();     
}

Answer 1

Make sure your session is initialized before destroying it.

session_start();
session_destroy();

i.e. you cannot destroy a session in logout.php if you initialized your session in index.php. You must start the session in logout.php before destroying it.

Answer 2

I had to also remove session cookies like this:

session_start(); 
$_SESSION = []; 

// If it's desired to kill the session, also 
// delete the session cookie. 
// Note: This will destroy the session, and 
// not just the session data! 
if (ini_get("session.use_cookies")) { 
    $params = session_get_cookie_params(); 
    setcookie(session_name(), '', time() - 42000, 
        $params["path"], $params["domain"], 
        $params["secure"], $params["httponly"] 
    ); 
} 

// Finally, destroy the session. 
session_destroy();

Source: geeksforgeeks.org

Answer 3

if you destroy the session on 127.0.0.1 it will not affect on localhost and vice versa

Answer 4

After using session_destroy(), the session is destroyed behind the scenes. For some reason this doesn't affect the values in $_SESSION, which was already populated for this request, but it will be empty in future requests.

You can manually clear $_SESSION if you so desire ($_SESSION = [];).

Answer 5

session_destroy() is effective after the page load is complete. So in the second upload, the session is terminated. But with unset() you can also log out from within the page.

Answer 6

Add session_start(); before !Doctype Declaration

    <?php session_start(); ?>
    <!doctype html>
    <html>
    <body>
<?php 
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) 
{   
    session_destroy();   
    session_unset();     
} 
?>
</body>
</html>

Answer 7

It works , but sometimes it doesn't (check the below example)

<?php
session_start();
$_SESSION['name']="shankar";
if(isset($_SESSION['name']))
{
    echo $_SESSION['name']; // Outputs shankar
}
session_destroy();
echo $_SESSION['name']; // Still outputs shankar

Weird!! Right ?

How to overcome this ?

In the above scenario , if you replace session_destroy(); with unset($_SESSION['name']); it works as expected.

But i want to destroy all variables not just a single one !

Yeah there is a fix for this too. Just unset the $_SESSION array. [Credits Ivo Pereira]

unset($_SESSION);

Answer 8

Well, this seems a new problem for me, using a new php server. In the past never had an issue with sessions not ending.

In a test of sessions, I setup a session, ran a session count++ and closed the session. Reloaded the page and to my surprise the variable remained.

I tried the following suggestion posted by mc10

session_destroy();
$_SESSION = array(); // Clears the $_SESSION variable

However, that did not work. I did not think it could work as the session was not active after destroying it, so I reversed it.

$_SESSION = array();
session_destroy();

That worked, reloading the page starting sessios and reviewing the set variables all showed them empty/not-set.

Really not sure why session_destroy() does not work on this PHP Version 5.3.14 server.

Don't really care as long as I know how to clear the sessions.

Answer 9

If you need to clear the values of $_SESSION, set the array equal to an empty array:

$_SESSION = array();

Of course, you can't access the values of $_SESSION on another page once you call session_destroy, so it doesn't matter that much.

Try the following:

session_destroy();
$_SESSION = array(); // Clears the $_SESSION variable

Answer 10

Actually, it works, but you also need to do $_SESSION = array(); after the session_destroy to get rid of $_SESSION variables. However, avoid doing unset($_SESSION) because that makes sessions useless.