96

From the php.net documentation:

session_destroy — Destroys all data registered to a session

session_unset — Free all session variables

My three part question is:

The two functions seem very similar.
What is really the difference between the two?

Both seem to delete all variables registered to a session. Does any of them actually destroy the session itself? If not, how do you accomplish this (destroy the session itself).

Is it correct that neither of the two functions deletes the session cookie at the client?

Improve this question

8 Answers 8

Reset to default
156

session_unset just clears the $_SESSION variable. It’s equivalent to doing:

$_SESSION = array();

So this does only affect the local $_SESSION variable instance but not the session data in the session storage.

In contrast to that, session_destroy destroys the session data that is stored in the session storage (e.g. the session file in the file system).

Everything else remains unchanged.

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

@Gumbo Isn't there some problem with session_unset() being deprecated now? I checked this and it didn't work for me.
@hakre what's the warning?
@GoTo: That session_unset was used to unset global variables registered as sessions variables as it was common in PHP 4. The use of that function as of today is anachronistic and not necessary. The only reason it still is in PHP is probably backwards compatibility and nothing else. If you write new code, you should not use it. If you find it within code, you should remove it together with the calls to session_register() and the rest of the PHP 4 session variables handling functions unless you are explicitly dealing with PHP 4 code.
Still it is Confusing : Please describe local $_SESSION variable instance vs session data in the session storage. As i know there are 1000 such people like me who didnt get your point. Thanks
Your answer is too confused. Please consider editing it, because I still think both are destroying session
|
20

session_destroy(); is deleting the whole session.

session_unset(); deletes only the variables from session - session still exists. Only data is truncated.

Improve this answer

1 Comment

So it's basically the same difference as DROP and TRUNCATE table in SQL queries, right?
18 
session_unset();

Just clear all data of all session variable.


session_destroy();

Remove all session.

Example:

session_start(); session_destroy(); $a = "1234"; $_SESSION[a] = $a;

$_SESSION[a] is NULL.


session_start(); session_unset(); $a = "1234"; $_SESSION[a] = $a;

$_SESSION[a] is 1234.


So, I will use:

session_start(); session_destroy(); session_start(); $a = "1234"; $_SESSION[a] = $a;
Improve this answer

2 Comments

in your middle example -> session_unset(); you are NOT doing anything as you can still use session of $_SESSION["a"] , so what is use of it ?
$_SESSION[a] should be $_SESSION['a'] and unlike what you said this is NOT NULL in your first example
8

session_unset() will clear the $_SESSION variable (as in array()), but it won't touch the session file. But when the script ends; the state of the $_SESSION will be written to the file. Then it will clear the file but won't delete it. When you use session_destroy() it won't touch $_SESSION (Use var_dump($_SESSION) after session_destroy()), but will delete the session file, so when script exits there won't be a file to write the state of the $_SESSION.

Improve this answer

Comments

1

I tried to use session_unset($_SESSION['session_name']) thinking it will only unset specific or individual/single session name. But using session_unset($_SESSION['session_name']) will only unset all session name. The right code to use is only unset($_SESSION['session_name']) if you want to unset a single session name.

Improve this answer

Comments

0

session_destroy() will delete the session after moving the page and session_unset() will delete session when the code is run.

Improve this answer

Comments

0

session_start(); #it will create an virtual array (associative) in browser realtime memory

two item added

> $_SESSION['me'] = "Yadab"; > $_SESSION['you'] = "Avi"; > > print_r($_SESSION); #will give, array( "me"=>"Yadab", "you"=>"Avi" )

test1

> unset($_SESSION['me']); #only 'me' variable is removed fully (index & value) > print_r($_SESSION); #now the array is Array("you"=>"Avi")

test2

> session_destroy(); #will unset the values of all session variables, but indexes exists > print_r($_SESSION); #Output, Array("you"=>undefined) > #but some browser can store the value in cookies

test3

> session_unset(); #will unset all the main variables not only the values > print_r($_SESSION); #that means session array is now empty, like Array()

test block 1, 2, or 3 at individually by comment out others

Improve this answer

Comments

-3

I think session_destroy() and session_unset() should be used at the same time to make sure that session data is surely deleted.

Improve this answer

3 Comments

I think means you not sure about the answer.This should be a comment not an answer.
session_unset() after session_destroy() would be pointless. Use session_unset() to clear all keys and values from the $_SESSION superglobal, or use session_destroy() to delete the whole session; don't use both just to "make sure", trust the function to do its job.
@redburn session_destroy() doesn't unset the sess superglobal var till exit the current page.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.