What exactly does session_unset() do?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
JasonDFR
Forum Commoner
Posts: 40
Joined: Wed Jan 07, 2009 3:51 am

What exactly does session_unset() do?

Post by JasonDFR »

What exactly does session_unset() do?

php.net says "The session_unset() function frees all session variables currently registered." I guess I need this translated. I'm not sure what "frees" means in this context.

Does this mean it unsets all session variables? If so, is there any difference between this function and $_SESSION = array(); ?

Thanks,

J
User avatar
novice4eva
Forum Contributor
Posts: 327
Joined: Thu Mar 29, 2007 3:48 am
Location: Nepal

Re: What exactly does session_unset() do?

Post by novice4eva »

did you try it out???
miyur
Forum Newbie
Posts: 15
Joined: Sat Jan 10, 2009 9:06 am

Re: What exactly does session_unset() do?

Post by miyur »

session_unset will unset all the variables. if you are trying this for logout functionality , you could add session_destroy() also just to be on the safer side. could you elaborate on what exactly you are trying to do?
JasonDFR
Forum Commoner
Posts: 40
Joined: Wed Jan 07, 2009 3:51 am

Re: What exactly does session_unset() do?

Post by JasonDFR »

novice4eva wrote:did you try it out???
Yes. Thanks for the helpful post.

@miyur Thanks. A discussion about how best to log out users is what sparked my interest in this, but at this point I really just wanted more information on session_unset.

I was hoping to get a more elaborate explanation. Notice how unset() and session_unset() are described differently below. Perhaps I am reading too much into it. If session_unset was described as "unset all session variables" or "destroy all session variables" I may not have asked the question.

unset from PHP.net:

unset — Unset a given variable
Description
void unset ( mixed $var [, mixed $var [, mixed $... ]] )

unset() destroys the specified variables.

session_unset from PHP.net:

session_unset — Free all session variables
Description
void session_unset ( void )

The session_unset() function frees all session variables currently registered.


If you read the user comments on the session_unset page there is a lot of talk about destroying sessions in order to log people out. There is even code that calls session_unset and then $_SESSION = array() afterwords. Its my experience that these two things do exactly the same thing.

Here is some code I experimented with:

Code: Select all

<?php
 
error_reporting(E_ALL);
 
session_start();
 
$_SESSION['test'] = 'test';
 
print_r($_SESSION);
 
session_unset();
//$_SESSION = array();
 
echo $_SESSION['test'];
 
print_r($_SESSION);
 
exit;
User avatar
novice4eva
Forum Contributor
Posts: 327
Joined: Thu Mar 29, 2007 3:48 am
Location: Nepal

Re: What exactly does session_unset() do?

Post by novice4eva »

Firstly glad to be some help :mrgreen:
Then, I had no intention to offend you, sorry if i did so.
session_unset and $_SESSION=array() have slight differences.

If you look at session_destroy, you will be notified that session_unset is used for older deprecated code that does not use $_SESSION, but this is still usable maybe for backward compatibilty.

session_unset and session_destroy are not similar either while function unset is more for killing particular session value.

This may help.

Code: Select all

 
//file test1.php
 
session_start();
$_SESSION['session1'] = 'xyz';
$_SESSION['session2'] = 'abc';
$_SESSION['session3'] = '123';
 
echo '<pre>';
print_r($_SESSION);
echo '</pre>';
/*
Array
(
    [session1] => xyz
    [session2] => abc
    [session3] => 123
)
 
*/
 
unset($_SESSION['session1']);//unset($_SESSION) cannot be done
echo '<pre>';
print_r($_SESSION);
echo '</pre>';
/*
Array
(
    [session2] => deewen
    [session3] => deewen
)
 
*/
 
 
session_destroy();
echo '<pre>';
print_r($_SESSION);
echo '</pre>';
/*
Array
(
    [session2] => abc
    [session3] => 123
)
*/
 
session_unset();
echo '<pre>';
print_r($_SESSION);
echo '</pre>';
/*
Array
(
)
*/
 
 
What would come as a surprise to me is, session_destroy will not clear the session in the calling page itself BUT if you move on to next page(or reload the page), the sessions are all destroyed. Same was the case for session_unset if it was called in some other page. I.E. try this and tell us what you get:

Code: Select all

 
//file test1.php
 
session_start();
$_SESSION['session1'] = 'xyz';
$_SESSION['session2'] = 'abc';
$_SESSION['session3'] = '123';
?>
 
<?php
//file test2.php
session_start();
session_unset();
echo '<pre>';
print_r($_SESSION);
echo '</pre>';
/*
Array
(
    [session1] => xyz
    [session2] => abc
    [session3] => 123
)
 
*/
 
So i think it would be advisable for you to either do session_destroy/session_unset followed immediately by a redirect(or else session values are still availble for the code that follows), or yes $_SESSION=array() since this will cause the session to be empty array from that point onward.

Peace...coz we need it a lot :drunk:
JasonDFR
Forum Commoner
Posts: 40
Joined: Wed Jan 07, 2009 3:51 am

Re: What exactly does session_unset() do?

Post by JasonDFR »

novice4eva wrote:Firstly glad to be some help :mrgreen:
Then, I had no intention to offend you, sorry if i did so.
Peace...coz we need it a lot :drunk:
No worries. Thanks for the good post. The code you posted was easy to follow and helpful.

So to sum up, if one would like to clear/delete/free/destroy all session variables, but not the session itself, one should do what (PHP5+) ?

session_unset() or $_SESSION = array()?

Or maybe it doesn't matter...

Thanks again,

J
User avatar
novice4eva
Forum Contributor
Posts: 327
Joined: Thu Mar 29, 2007 3:48 am
Location: Nepal

Re: What exactly does session_unset() do?

Post by novice4eva »

JasonDFR wrote: So to sum up, if one would like to clear/delete/free/destroy all session variables, but not the session itself, one should do what (PHP5+) ?
Humm this is rather confusing, clear/delete/free/destroy all session variables = free session itself, but this doesn't mean we can't use session variables there after, we just lose out all the values the session was holding.
JasonDFR wrote: session_unset() or $_SESSION = array()?
I would say almost same, but as you can see in the previous post, i you set some session variables in one page and do session_unset() in another, the sessions will be unavailable for that page for that instant, but not after you reload the page. OK this is what i got in my comp when i tried things out.

Lets say you logged in and i saved your name in a session in a page called "login.php".
So this is how is goes:

Code: Select all

 
//file:login.php
session_start();
//If login successfull
 $_SESSION['USR_NAME']='JasonDFR';
//then redirect to helloUser.php page.
 

Code: Select all

 
//file:helloUser.php
session_start();
if(isset($_SESSION['USR_NAME']))
echo 'hi there '.$_SESSION['USR_NAME'];
else
//redirect to login page, user is not there
 
Now lets say i have a page called logout.php

Code: Select all

 
//file:logout.php
session_start();
session_unset();//or session_destroy
if(isset($_SESSION['USR_NAME']))
echo 'eii session still not destroyed for the user'.$_SESSION['USR_NAME'];
else
echo 'ya session cleared';
 
surprisingly if you were to go to logout.php page you would get a message 'eii session still not destroyed for the user JasonDFR' although we have done session_unset() or session_destroy() because the session is still available or active for that page BUT it won't be if you go to helloUser.php or reload the logout.php page itself. The version of PHP i'm using is 5.2.8(avid mozilla fan, so didn't bother to check in IE) and I don't know if it is a anomaly coz i would expect the session for USR_NAME be not available after the execution of code session_unset(). But if you were to do $_SESSION = array(), you wouldn't face this issue, also as a work around you could do the following in the logout.php page

Code: Select all

 
//file:logout.php
session_start();
session_unset();//or session_destroy
//redirect to login page, coz a redirect would then clear up the session values after session_unset
 
OK having said all that lets say you decided that you want your session_unset in the helloUser.php page itself.

Code: Select all

 
//file:helloUser.php
session_start();
if($_GET['log_me_out']==1)
session_unset();
 
if(isset($_SESSION['USR_NAME']))
echo 'hi there '.$_SESSION['USR_NAME'];
else
//redirect to login page, user is not there
 
This would work how we would expect it to work, the session will be destroyed, no redirects needed!!
But i believe session_destroy is more often used than session_unset, i generally use session_destroy, but i seriously didn't know that session_destroy will still not flush the data until a refresh...maybe coz i always did redirects after a session_destroy!!
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: What exactly does session_unset() do?

Post by Chris Corbyn »

$_SESSION = array() will have the same end-result as using session_unset()... the internals of what is going on may be different but it won't impact on your development.

The reason session_destroy() doesn't empty the session on the current request is because it's only deleting the file contents for the session (i.e. the persistent storage for it... be it a row in a database, or a file on disk). The variables that were already created during the request will remain in memory.

When you do $_SESSION = array(), the session is emptied in memory, and then at the end of the request when session_write_close() is triggered the emptied session is persisted (having the same result as session_unset() has, though session_unset() probably commits the changes immediately rather than as the script is shutting down).
Post Reply