Learning Is Fun

Talks on Web Technology and Better Product Development

Destroy or Delete all session variables in PHP

May 2

I have sometimes seen coders forget to delete all session variables when the user logs out or signs out. This can be dangerous, since it is a security hole. From my own experience, I have seen that session variables may appear even after sign-out. I myself have seen this. This may happen because different people write code in different ways. What is important is that we must delete all session variables when the user signs out.

So, how can we delete all session variables and stop them from appearing accidentally even after sign-out?

Well, we can do it using only 3 lines of code, and it is very easy too!

Add the following 3 lines of code to your sign-out code and all your session variables are destroyed!

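<?php

// Assumes session_start() has already been called earlier in the sign-out script.
session_unset();       // free the variables registered in the current session
$_SESSION = array();   // empty the superglobal for the rest of this request
session_destroy();     // delete the session data stored on the server

?>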

But if you want to delete the session itself too (the session cookie in the browser), you need to add a few lines. The final code will look like this.

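<?php

// Assumes session_start() has already been called earlier in the sign-out script.
session_unset();       // free the variables registered in the current session
$_SESSION = array();   // empty the superglobal for the rest of this request

// Expire the session cookie in the browser by setting it with a past date.
if (isset($_COOKIE[session_name()]))
{
    setcookie(session_name(), '', time() - 60000, '/');
}

session_destroy();     // delete the session data stored on the server

?>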
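
The same sign-out steps as a reusable function, added here as an example and not part of the original post: it starts the session if the script has not done so, and expires the cookie with the path, domain and flags PHP reports through session_get_cookie_params() instead of a hard-coded '/'. The function name sign_out() is hypothetical.

```php
<?php

// Added example; sign_out() is a hypothetical helper name.
function sign_out(): bool
{
    // session_destroy() only works on an active session, so resume it first.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Drop every variable from this request's copy of the session.
    session_unset();
    $_SESSION = array();

    // Expire the browser cookie. The path, domain and flags must match the
    // ones the cookie was created with, otherwise the browser keeps it.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 60000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    // Remove the session data stored on the server.
    session_destroy();

    // Report whether the session is really closed and empty.
    return session_status() === PHP_SESSION_NONE && empty($_SESSION);
}

if (!sign_out()) {
    error_log('Sign-out did not fully clear the session');
}

?>
```

Call it before any output is sent, because setcookie() has to write a response header.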

Thus, we can destroy our session variables, which is one way to keep the user secure.
OK.
That is all for now.

posted under PHP
5 Comments to

“Destroy or Delete all session variables in PHP”

  1. On May 3rd, 2008 at 11:47 am RAJA Says:

    How is it dangerous?

  2. On May 3rd, 2008 at 11:59 am admin Says:

    OK Raja,

    Think of a case where you used a system/software and, after you sign out, another person comes to use the system/software on the same PC.

    Maybe it can be a public PC or one in a cyber cafe.

    If session variables are not properly destroyed, they show your email address, personal phone number and other private information that might be saved in session variables to another person.

    How would you feel if you knew this?

    And also think of a situation where every user's data is getting disclosed to the next person if they use the same PC.

    Isn't it dangerous?

  3. On June 14th, 2008 at 1:00 am prajosh Says:

    great article, helps me a lot

  4. On January 15th, 2009 at 10:01 am George Barr Says:

    Hi,
    PHP session variables are controlled by the server. They are directly associated with the current session and should not be accessible outwith that session. If you have session variables that are being picked up outside of the session then you have a PHP bug on the server. I would suggest you contact your hosting service regarding this as it can be a very high security risk.
    regards
    George

  5. On June 21st, 2010 at 7:57 am wp programmer Says:

    Hi..,

    This is easy to say how to set session and how to destroy the session.
    I am easy to Understand.

    Thanks a lot.
