reference/session/functions/session-destroy.xml
682510e91d1f19fb59d2f7aef6ab370e8af842a1
...
...
@@ -19,12 +19,49 @@
19
19
To use the session variables again, <function>session_start</function> has
20
20
to be called.
21
21
</simpara>
22
+
<note>
23
+
<simpara>
24
+
You do not have to call <function>session_destroy</function> from usual
25
+
code. Cleanup $_SESSION array rather than destroying session data.
26
+
</simpara>
27
+
</note>
22
28
<para>
23
-
In order to kill the session altogether, like to log the user out, the
24
-
session id must also be unset. If a cookie is used to propagate the
25
-
session id (default behavior), then the session cookie must be deleted.
29
+
In order to kill the session altogether, the
30
+
session ID must also be unset. If a cookie is used to propagate the
31
+
session ID (default behavior), then the session cookie must be deleted.
26
32
<function>setcookie</function> may be used for that.
27
33
</para>
34
+
<para>
35
+
When <link linkend="ini.session.use-strict-mode">session.use_strict_mode</link>
36
+
is enabled. You do not have to remove obsolete session ID cookie because
37
+
session module will not accept session ID cookie when there is no
38
+
data associated to the session ID and set new session ID cookie.
39
+
Enabling <link linkend="ini.session.use-strict-mode">session.use_strict_mode</link>
40
+
is recommended for all sites.
41
+
</para>
42
+
<warning>
43
+
<para>
44
+
Immediate session deletion may cause unwanted results. When there is
45
+
concurrent requests, other connections may see sudden session data
46
+
loss. e.g. Requests from JavaScript and/or requests from URL links.
47
+
</para>
48
+
<para>
49
+
Although current session module does not accept empty session ID
50
+
cookie, but immediate session deletion may result in empty session ID
51
+
cookie due to client(browser) side race condition. This will result
52
+
that the client creates many session ID needlessly.
53
+
</para>
54
+
<para>
55
+
To avoid these, you must set deletion time-stamp to $_SESSION and
56
+
reject access while later. Or make sure your application does not
57
+
have concurrent requests. This applies to <function>session_regenerate_id</function> also.
58
+
</para>
59
+
</warning>
60
+
</refsect1>
61
+

62
+
<refsect1 role="parameters">
63
+
&reftitle.parameters;
64
+
&no.function.parameters;
28
65
</refsect1>
29
66

30
67
<refsect1 role="returnvalues">
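Review bot: The new session.use_strict_mode paragraph is broken mid-sentence ("...is enabled. You do not have to remove obsolete session ID cookie..."), so the condition and its consequence read as two unrelated statements; join them into one sentence. In the warning, "set deletion time-stamp to $_SESSION and reject access while later" is the only mitigation offered, but it does not say how long after the timestamp access should still be allowed or when it must be rejected; spell that out, since the same advice is extended to session_regenerate_id. Also wrap $_SESSION in <varname> in the added note and warning, as the rest of the page does, and consider keeping the "log the user out" example that the rewritten paragraph drops.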
...
...
@@ -68,20 +105,13 @@ session_destroy();
68
105
</para>
69
106
</refsect1>
70
107

71
-
<refsect1 role="notes">
72
-
&reftitle.notes;
73
-
<note>
74
-
<para>
75
-
Only use <function>session_unset</function> for older deprecated code
76
-
that does not use <varname>$_SESSION</varname>.
77
-
</para>
78
-
</note>
79
-
</refsect1>
80
-

81
108
<refsect1 role="seealso">
82
109
&reftitle.seealso;
83
110
<para>
84
111
<simplelist>
112
+
<member><link linkend="ini.session.use-strict-mode">session.use_strict_mode</link></member>
113
+
<member><function>session_reset</function></member>
114
+
<member><function>session_regenerate_id</function></member>
85
115
<member><function>unset</function></member>
86
116
<member><function>setcookie</function></member>
87
117
</simplelist>
88
118
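Review bot: Removing the whole notes section drops the only guidance on session_unset ("Only use session_unset for older deprecated code that does not use $_SESSION"), and session_unset is not among the added See Also members. Since the note added earlier in this patch tells readers to clean up the $_SESSION array instead of destroying the session, either keep this note or add a See Also entry that shows how to do that cleanup. Style point: the first new member is a <link> to an ini setting in a list that otherwise holds only <function> entries; placing it last would keep the functions grouped.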