JasonDFR wrote:
So to sum up, if one would like to clear/delete/free/destroy all session variables, but not the session itself, one should do what (PHP5+) ?
Humm this is rather confusing, clear/delete/free/destroy all session variables = free session itself, but this doesn't mean we can't use session variables there after, we just lose out all the values the session was holding.
JasonDFR wrote:
session_unset() or $_SESSION = array()?
I would say almost same, but as you can see in the previous post, i you set some session variables in one page and do session_unset() in another, the sessions will be unavailable for that page for that instant, but not after you reload the page. OK this is what i got in my comp when i tried things out.
Lets say you logged in and i saved your name in a session in a page called "login.php".
So this is how is goes:
Code: Select all
//file:login.php
session_start();
//If login successfull
$_SESSION['USR_NAME']='JasonDFR';
//then redirect to helloUser.php page.
Code: Select all
//file:helloUser.php
session_start();
if(isset($_SESSION['USR_NAME']))
echo 'hi there '.$_SESSION['USR_NAME'];
else
//redirect to login page, user is not there
Now lets say i have a page called logout.php
Code: Select all
//file:logout.php
session_start();
session_unset();//or session_destroy
if(isset($_SESSION['USR_NAME']))
echo 'eii session still not destroyed for the user'.$_SESSION['USR_NAME'];
else
echo 'ya session cleared';
surprisingly if you were to go to logout.php page you would get a message 'eii session still not destroyed for the user JasonDFR' although we have done session_unset() or session_destroy() because the session is still available or active for that page BUT it won't be if you go to helloUser.php or reload the logout.php page itself. The version of PHP i'm using is 5.2.8(avid mozilla fan, so didn't bother to check in IE) and I don't know if it is a anomaly coz i would expect the session for USR_NAME be not available after the execution of code session_unset(). But if you were to do $_SESSION = array(), you wouldn't face this issue, also as a work around you could do the following in the logout.php page
Code: Select all
//file:logout.php
session_start();
session_unset();//or session_destroy
//redirect to login page, coz a redirect would then clear up the session values after session_unset
OK having said all that lets say you decided that you want your session_unset in the helloUser.php page itself.
Code: Select all
//file:helloUser.php
session_start();
if($_GET['log_me_out']==1)
session_unset();
if(isset($_SESSION['USR_NAME']))
echo 'hi there '.$_SESSION['USR_NAME'];
else
//redirect to login page, user is not there
This would work how we would expect it to work, the session will be destroyed, no redirects needed!!
But i believe session_destroy is more often used than session_unset, i generally use session_destroy, but i seriously didn't know that session_destroy will still not flush the data until a refresh...maybe coz i always did redirects after a session_destroy!!