May 2, 2008 - PHP

Destroy or Delete all session variables in PHP

Sometimes I have seen that coders forget to delete all session variables when the user logs out or signs out. This can be dangerous, since it is a security hole. From my own experience, I have seen that session variables may appear even after sign out. I myself have seen this. This may happen because different people write code in different ways. But what is important is that we must delete all session variables when the user signs out.

So, how can we delete all session variables and stop them from appearing accidentally even after sign out?

Well, we can do it using only 3 lines of code, and it is very easy too!

Add the following 3 lines of code to your sign out code and all your session variables are destroyed!

But if you want to delete the session itself too, you need to add a few lines. So the final code will look like this.
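One way to write such a sign-out routine, as an added example rather than the author's original code: it clears the session variables, expires the session cookie, and destroys the server-side session data. The function name `destroy_session_completely()` and the redirect target `/login.php` are assumptions made for illustration.

```php
<?php
// Added example: the helper name and redirect target are hypothetical,
// not taken from the original post.
function destroy_session_completely(): void
{
    // A session must be active before it can be cleared or destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Remove every session variable for the current request.
    //    session_destroy() alone leaves $_SESSION populated until the
    //    script ends, so clear it explicitly.
    $_SESSION = [];

    // 2. Expire the session cookie in the browser. The path, domain and
    //    flags must match the ones the cookie was set with, otherwise the
    //    browser keeps the old cookie.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    // 3. Delete the session data stored on the server.
    session_destroy();
}

destroy_session_completely();

// Send the user away from any page that rendered session data.
header('Location: /login.php'); // assumed login page
exit;
```

Run this before any output is sent, because `setcookie()` and `header()` both need to write HTTP headers.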

Thus, we can destroy our session variables, which is one way to keep the user secure.
OK.
That is all for now.

6 Comments

  • How is it dangerous?

  • OK Raja,

    Think of a case where you used a system/software and, after you sign out, another person comes to use the system/software on the same PC.

    Maybe it is a public PC or in a cyber cafe.

    If session variables are not properly destroyed, they show your email address, personal phone number and other private information that might be saved in session variables to another person.

    How would you feel if you knew this?

    And also think of a situation where every user’s data is getting disclosed to the next person if they use the same PC.

    Is it not dangerous?

  • great article, helps me a lot

  • Hi,
    PHP session variables are controlled by the server. They are directly associated with the current session and should not be accessible outwith that session. If you have session variables that are being picked up outside of the session then you have a PHP bug on the server. I would suggest you contact your hosting service regarding this as it can be a very high security risk.
    Regards
    George

  • Hi..,

    This is easy to say how to set session and how to destroy the session.
    I am easy to Understand.

    Thanks a lot.

  • thanks for sharing this. i’m going to implement this on my website.
