Asked  7 Months ago    Answers:  5   Viewed   39 times

Got it from php.net, but I am not sure is this how everybody destroy all sessions?

// Unset all Sessions
$_SESSION = array();

if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time() -42000, '/');
}

    session_destroy();

Does the code will destroy all the sessions?? Is it the most common way? how do you guys destroy php sessions?

Oh yeah, btw, what is that session_name()? All session name? e.g $_SESSION['var1'], $_SESSION['var2'], ... ?

I dont need to use unset($_SESSION['var1']); any more right?

Whats the different between using session_destroy() and unset($_SESSION[])?

 Answers

42

You should first know what sessions are: You can consider sessions as a data container on the server side that’s associated with a random identifier, the session ID. That session ID needs to be provided by the client so that the server can load the data associated to that session ID (and thus to that session) into the $_SESSION variable. Everything in that $_SESSION variable is also called session variables of the current active session.

Now to your questions:

Does the code will destroy all the sessions?? Is it the most common way? how do you guys destroy php sessions??

The provided code just deletes the session data of the current session. The $_SESSION = array(); statement will simply reset the session variable $_SESSION so that a future access on the session variable $_SESSION will fail. But the session container itself is not deleted yet. That will be done by calling session_destroy.

See also Truly destroying a PHP Session?

Oh yeah, btw, what is that session_name()?? All session name? e.g $_SESSION['var1'], $_SESSION['var2']... ?

The session_name is just used to identify the session ID parameter passed in a cookie, the URL’s query or via a POST parameter. PHP’s default value is PHPSESSID. But you can change it to whatever you want to.

I dont need to use unset($_SESSION['var1']); any more right???

No. The initial $_SESSION = array(); deletes all the session data.

Whats the different between using session_destroy and unset($_SESSION[])??

session_destroy will delete the whole session container while unset or resetting the $_SESSION variable will only delete the session data for the current runtime.

Wednesday, March 31, 2021
 
mozlima
answered 7 Months ago
15

the php-memcached extension supports session locking

http://us3.php.net/memcached

http://us1.php.net/manual/en/memcached.sessions.php

the memcache and memcached extensions look syntactically similar so it may not be too much of a headache to give it a try. (memcached has a stable version 2.1.0 released 2012-08-07).


if you are set on using memcache 2.2.7 you will most likely have to implement the lock yourself by setting some "session_is_locked" variable in your session and then releasing/unsetting it when the script is done writing to the session. Then you'd always need to check if that variable is set before continuing with any scripts which write to the session.

Wednesday, March 31, 2021
 
penpen
answered 7 Months ago
45

But I really confused about my main problem: which way is proper, for "remember me" feature? to use cookies/session/database?

Http is a stateless protocall. Authentication token must persist to keep the state. Proper way is to use session. Now how do you track the session? It's up to you. But cookies are not bad.

In the session you can save a hash created from browser different criteria(user agent, os, screen resolution etc) to check if the token is from same environment. The more criteria you save the more itll be harder to hijack. Btw you need JavaScript to grab ths extra information every time.

Saturday, May 29, 2021
 
JakeGR
answered 5 Months ago
87

session_destroy() destroys the active session. If you do not initialized the session, there will be nothing to be destroyed.

Thursday, July 29, 2021
 
jab
answered 3 Months ago
jab
71

store user defined data in SQL

I think you are looking for the Entity–attribute–value database model in which:

The basic idea is to store attributes, and their corresponding values, as rows in a single table.

Typically the table has at least three columns: entity, attribute, and value. Though if there is only a single relevant entity, e.g. a table for application configuration or option settings, the entity column can be excluded.

See this pages as a start:

  • Using Database Metadata and its Semantics to Generate Automatic and Dynamic Web Entry Forms (pdf)

  • Planning and Implementing a Metadata-Driven Digital Repository (pdf)

I retagged your question with entity-attribute-value tag, in which you can browse a lot of threads that relate to your case.

Tuesday, August 31, 2021
 
Grokodile
answered 2 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :