You should know that on recent PHP only the first one of these functions works correctly. And if you use the other two, var_dump will print you the result you expected (session cleaned up), but the session file on the server won't be cleaned up. So use the first one.
<?php
function session_clean1($logout=false)
{
$v=array();
foreach($_SESSION as $x=>$y)
if($x!="redirector"&&($x!="user"||$logout))
$v[]=$x;
foreach($v as $x)
unset($_SESSION[$x]);
return;
}
function session_clean2($logout=false)
{
foreach($_SESSION as $x=>$y)
if($x!="redirector"&&($x!="user"||$logout))
unset($_SESSION[$x]);
return;
}
function session_clean3($logout=false)
{
$s=($logout||!isset($_SESSION["user"]))?array():
array("user"=>$_SESSION["user"]);
if(isset($_SESSION["redirector"]))
$s["redirector"]=$_SESSION["redirector"];
$_SESSION=$s;
}
?>
On previous php (<<5.1.4) releases at least the third one worked correctly.
session_unset
(PHP 4, PHP 5)
session_unset — 全てのセッション変数を開放する
説明
void session_unset ( void )関数session_unset()は現在登録されている全ての セッション変数を開放します。
注意: $_SESSION(またはPHP 4.0.6以前の場合は$HTTP_SESSION_VARS)が使用さ れている場合、セッション変数の登録を削除するために unset() すなわち、unset ($_SESSION['varname']); を使用してください。
注意
$_SESSIONスーパーグローバルを使用した セッション変数の登録が不可能になってしまうため、 unset($_SESSION)を使って $_SESSIONを完全にunsetしないでください。
session_unset
pentek_i at inf dot elte dot hu
09-Aug-2006 08:54
09-Aug-2006 08:54
InterNic
20-May-2006 07:20
20-May-2006 07:20
sometimes you might have problems even if using both session_unset and session_destroy. You have to clear the $_SESSION array. I got it working this way:
session_unset();
session_destroy();
$_SESSION = array();
08-Mar-2006 12:56
Yes, that's how it is, first you write session_unset, and then the sentence session_distroy
zach at zkwarta dot com
14-Jul-2005 07:32
14-Jul-2005 07:32
The difference between both session_unset and session_destroy is as follows:
session_unset just clears out the sesison for usage. The session is still on the users computer. Note that by using session_unset, the variable still exists.
Using session_unset in tandem with session_destroy however, is a much more effective means of actually clearing out data. As stated in the example above, this works very well, cross browser:
session_unset();
session_destroy();
I noticed that in firefox, one could simply use sesison_unset and the session would be cleared. When trying this on IE, I was horrified to find out that the data was still there, so I had to use session destroy.
Jeroen
15-Jan-2005 06:42
15-Jan-2005 06:42
note to Jason: I don't know the exact mechanics of it (since I'm quite new to sessions) but I think you need to use session_unset() BEFORE you can use session_destroy() at all. I thought that session_unset() was for scripted variables, and session_destroy() just for anything saved on your side regarding the session.
22-Mar-2001 01:58
To further clarify the note above... this can be done via the session handling directives in your php.ini file... there are options to set garbage collection probability (via percent... i.e. 75 means it would run 3 out of every 4 page accesses), and the amount of time a session object can remain active before the garbage collection process sees it as garbage.
dmertens at zyprexia dot com
01-Feb-2001 02:11
01-Feb-2001 02:11
The session files are automaticly deleted after the session-timeout is reached. So if the time-out is set to 20 minutes, the files will be deleted 20 minutes after the last access. Same for the cookie. Every time, an page is requested, the cookie-ttl is set to now + 20 minutes.
PHP is a very clean scripting engine, which leaves no garbage on your system!
diogo dot afonso at terravista dot pt
30-Aug-2000 02:09
30-Aug-2000 02:09
The only thing needed to really destroy the session is :
session_unset();
session_destroy();
j a s o n p 0 1 9 at yahoo dot com
14-Jul-2000 05:26
14-Jul-2000 05:26
session_unset() vs. session_destroy():
I would say that the difference is that session_destroy() destroys the session variables, both in the script and where the session data is stored on disk. session_unset() is like doing a session_unregister() on all registered variables. They can still be re-registered by calling session_register() whereas after session_destroy, they cannot.