Why UNSETTING SESSION Necessary When SESSION DESTROY Already Took Place ?

@developer_webApr 19.2021

Folks,

If Session has been destroyed in LINE 21 then why in LINE 21 a session is getting UNSET ?
How can you UNSET when there is no Session left ?
Note the 2 comments on LINES 21 & 27.

[code] <?php

session_start();

$_SESSION[‘user’] = NULL;

if(ISSET($_SESSION[‘user’])) { unset($_SESSION[‘user’]); echo ‘Unsetted: ‘ .’Session[“user”]’; echo ‘ ’; } else { echo ‘Was not set: ‘ .’Session[“user”]’; echo ‘ ’; }

echo __LINE__; echo ‘ ’;

$_SESSION[‘user’] = ”; //Even though value is blank, it is still counted as session set.

session_destroy(); //LINE 21

echo ‘Destroyed Session’; echo ‘ ’;

echo __LINE__; echo ‘ ’;

if(ISSET($_SESSION[‘user’])) //LINE 27: WHY IS THIS LINE TRIGGERRING WHEN SESSION HAS ALREADY BEEN DESTROYED IN LINE 21? { unset($_SESSION[‘user’]); echo ‘Unsetted: ‘ .’Session[“user”]’; echo ‘ ’; //LINE 30: WHY IS THIS LINE ECHOING WHEN SESSION HAS ALREADY BEEN DESTROYED IN LINE 21? } else { echo ‘Was not set: ‘ .’Session[“user”]’; echo ‘ ’; }

die;

?> [/code]

to post a comment

PHP

9 Comments(s) _↴

@NogDogApr 19.2021 — #session_destroy() destroys the data being stored on the server (where it's stored so that it's available to subsequent requests within that session); but it does not touch the current $_SESSION array in the running script.

Also, from https://www.php.net/session_destroy :

> **Note:** You do not have to call session_destroy() from usual code. Cleanup $_SESSION array rather than destroying session data.

@developer_webauthorApr 20.2021 — #@NogDog#1630578

I thought, instead of individually unsetting each session (erasing their values), you use session_destroy() to unset all session variables (erase all session variables values) in one sweep!

Now I am getting confused between session unset and session destroy.

One thing I understood though. After unsetting a session, you do not have to start_session() all over again whereas after destroy_session() you have to.

@NogDogApr 20.2021 — #Ultimately it depends on what you are actually trying to accomplish. But in general, if the goal is simply to clean out all values from $_SESSION but not destroy the actual session, I would just do:

[code=php]
 $_SESSION = [];
 // or if older PHP version:
 $_SESSION = array();
 [/code]

@developer_webauthorApr 21.2021 — #@NogDog#1630630

Thanks a bunch!

Why did I not think of these two ? Noting them down now!

However, you overlooked my statement as it was false:

"One thing I understood though. After unsetting a session, you do not have to start_session() all over again **whereas after destroy_session() you have to**."

I will prove now the bold part of my statement was false ...

<i>
 </i>&lt;?php
 //WORKING.
 //TESTING: session_destroy();
 /* CONCLUSION: 
 1. session_destroy() DOES NOT UNSET Sessions;
 2. You can still echo Session Value after session_destroy(). No need to all over again: session_start().
 */
 
 session_start();
 
 echo '$_SESSION["user"]: ' .$_SESSION['user']; echo '&lt;br&gt;'; //Error as expected: Notice: Undefined index: user in C:xampphtdocsTemplatestest.php on line 5.
 echo __LINE__; echo '&lt;br&gt;';
 
 $_SESSION['user'] = 'Ali';
 echo '$_SESSION["user"]: ' .$_SESSION['user']; echo '&lt;br&gt;';
 echo __LINE__; echo '&lt;br&gt;';
 
 session_destroy();
 echo 'Destroyed Session.'; echo '&lt;br&gt;';
 //To echo Session Value, no need to all over again: session_start().
 echo '$_SESSION["user"]: ' .$_SESSION['user']; echo '&lt;br&gt;'; //Session has not been Unset after Destroying Session. Still echoes Session: $_SESSION["user"]: Ali.
 echo __LINE__; echo '&lt;br&gt;';
 
 if(ISSET($_SESSION['user'])) //IF gets triggered here. 
 {
 echo '$_SESSION["user"]: ' .$_SESSION['user']; echo '&lt;br&gt;'; //Session has not been Unset after Destroying Session. Still echoes Session: $_SESSION["user"]: Ali.
 echo __LINE__; echo '&lt;br&gt;';
 unset($_SESSION['user']);
 echo 'Unsetted Session["user"]';  echo '&lt;br&gt;';
 echo '$_SESSION["user"]: ' .$_SESSION['user']; echo '&lt;br&gt;'; //Error as expected: Notice: Undefined index: user in C:xampphtdocsTemplatestest.php on line 23.
 echo __LINE__; echo '&lt;br&gt;';
 }
 else
 {
 echo '$_SESSION["user"]: ' .$_SESSION['user']; echo '&lt;br&gt;';
 echo __LINE__; echo '&lt;br&gt;';
 echo 'Was NOT set Session["user"]:' ; echo '&lt;br&gt;';
 echo '$_SESSION["user"]: ' .$_SESSION['user']; echo '&lt;br&gt;';
 echo __LINE__; echo '&lt;br&gt;';
 }
 die;
 ?&gt;
 
 &lt;?php
 echo '&lt;br&gt;';
 echo 'Line: ' .__LINE__;
 echo '&lt;br&gt;';
 echo '&lt;br&gt;';
 ?&gt;

NogDog,

Do you like, as a beginner level home student, how I make-up my own experiments testing things as if I am experimenting on a rat in a lab. I make the php functions my lab rat.

@developer_webauthorApr 21.2021 — #@nOGdOG,

Don't forget to check my previous post above.

Now, if you don't mind, what loss or good does it make if you destroy a session first and then unset session variables over if you just unset the variables ?

And, what loss or good does it make if you unset session variables first and then destroy the session, over if you just unset the variables ?

Also, what loss or good does it make if you unset session variables but never destroy the session (atall), over if you destroy the session at the end ?

Finally, what loss or good does it make if you destroy the session but NEVER EVER unset any of the session variables throughout your php script or website, over if you did unset the variables somewhere along the line ?

Oh you know what I am doing here NogDog! Trying to test all possible combinations and see the benefits of doing things in various ways.

@developer_webauthorApr 21.2021 — #@sempervivum,

Did you once say you don't have much experience with $_SESSION ?

Do you have good experience with $_COOKIE ?

If you got with the former then you're welcome to reply to my previous post and engage in eating the spaghetti mixed with noodles.

"**session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.** "

https://www.php.net/session_destroy.

Now why on earth is session_start() needed all over again after session_destroy() since the session variables are still intact due to not "unsetting" them ? This whole session_destroy() is seeming useless and waste of hard space to me.

@developer_webauthorApr 24.2021 — #Bump!

@developer_webauthorJul 18.2021 — #@NogDog#1630630

You would do these two ?

<i>
 </i>$_SESSION = [];
 // or if older PHP version:
 $_SESSION = array();

But what about:

<i>
 </i>$_SESSION = '';

<i>
 </i>$_SESSION = empty($_SESSION);

<i>
 </i>$_SESSION = NULL;

Guessing these won't work but do let me know ...

<i>
 </i>$_SESSION = 'NULL';

<i>
 </i>$_SESSION = "NULL";

@daveyerwinJul 18.2021 — #@developer_web#1630683 said ...

This whole session_destroy() is seeming useless and waste of hard space to me.

_ _ _ _ _ _ _ _ _ _ _

Yes, I agree.

The PHP Manual agrees also.

From : https://www.php.net/manual/en/function.session-destroy.php

"You do not have to call session_destroy() from usual code."

Also in #PHP _↴

Problem on retrieving values from the database Html form validated by php md5 Question

Success!

Help @developer_web spread the word by sharing this article on Twitter...

Tweet This

Why UNSETTING SESSION Necessary When SESSION DESTROY Already Took Place ?

9 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Why UNSETTING SESSION Necessary When SESSION DESTROY Already Took Place ?

9 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

9 Comments(s) _↴

Also in #PHP _↴