session_unset

(PHP 4, PHP 5, PHP 7, PHP 8)

session_unset全てのセッション変数を開放する

説明

session_unset(): bool

関数 session_unset() は現在登録されている全てのセッション変数を開放します。

パラメータ

この関数にはパラメータはありません。

戻り値

成功した場合に true を、失敗した場合に false を返します。

変更履歴

バージョン 説明
7.2.0 この関数の戻り値の型は bool になりました。 以前は void でした。

注意

注意:

$_SESSION が使用されている場合、セッション変数の登録を削除するために unset() すなわち、unset($_SESSION['varname']); を使用してください。

警告

$_SESSION スーパーグローバルを使用した セッション変数の登録が不可能になってしまうため、 unset($_SESSION) を使って $_SESSION を完全に unset しないでください。

注意:

session_unset() 関数は、 $_SESSION = [] と同等です。

警告

この関数は、セッションがアクティブな場合にのみ動作します。 セッションが開始されていなかったり、既に破棄されている場合には、 この関数は $_SESSION 配列をクリアしません。 すべてのセッション変数をクリアする場合は、 たとえセッションがアクティブでない場合でも $_SESSION = [] を使いましょう。

add a note

User Contributed Notes 5 notes

up
39
tim at leethost dot com
12 years ago
I was having a problem clearing all session variables, deleting the session, and creating a new session without leaving old session stuff behind in all browsers. The below code is perfect for a logout script to totally delete everything and start new. It even works in Chrome which seems to not work as other browsers when trying do logout and start a new session.

<?php
session_start
();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
?>
up
25
jerry
8 years ago
The difference between both session_unset and session_destroy is as follows:

session_unset just clears out the session for usage. The session is still on the users computer. Note that by using session_unset, the variable still exists. session_unset just remove all session variables. it does not destroy the session....so the session would still be active.

Using session_unset in tandem with session_destroy however, is a much more effective means of actually clearing out data. As stated in the example above, this works very well, cross browser. session_destroy is destroy the session. session_destroy() to kill all session information.....This is the more secure function to use.
up
0
christian+php at
6 days ago
The solution provided by tim at leethost dot com is nice but you must check a active session first, because else you fill the logs with PHP Errors or Notices depending on your settings. I use it as a function, and it works smooth.

```php
/** @return void */
public static function sayonara():void
{
if (session_status() !== PHP_SESSION_ACTIVE) :void
{
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(), '', 0, '/');
session_regenerate_id(true);
}
}

sayonara();
```
up
-18
Jeroen
19 years ago
note to Jason: I don't know the exact mechanics of it (since I'm quite new to sessions) but I think you need to use session_unset() BEFORE you can use session_destroy() at all. I thought that session_unset() was for scripted variables, and session_destroy() just for anything saved on your side regarding the session.
up
-22
zach at zkwarta dot com
19 years ago
The difference between both session_unset and session_destroy is as follows:

session_unset just clears out the sesison for usage. The session is still on the users computer. Note that by using session_unset, the variable still exists.

Using session_unset in tandem with session_destroy however, is a much more effective means of actually clearing out data. As stated in the example above, this works very well, cross browser:

session_unset();
session_destroy();

I noticed that in firefox, one could simply use sesison_unset and the session would be cleared. When trying this on IE, I was horrified to find out that the data was still there, so I had to use session destroy.
To Top