session_unset

(PHP 4, PHP 5, PHP 7, PHP 8)

session_unset — 释放所有的会话变量

说明

session_unset(): bool

session_unset() 会释放当前会话注册的所有会话变量。

参数

此函数没有参数。

返回值

成功时返回 true，或者在失败时返回 false。

更新日志

版本	说明
7.2.0	此函数的返回类型现在是 bool。以前是 void。

注释

注意:
如果使用的是 $_SESSION，请使用 unset() 去注销会话变量，即 unset($_SESSION['varname']);。

警告

请不要使用 unset($_SESSION) 来释放整个 $_SESSION，因为它将会禁用通过全局 $_SESSION 去注册会话变量。

注意:
session_unset() 的使用与 $_SESSION = [] 相同。

警告

仅当 session 处于活动状态时，此函数才能起作用。如果 session 尚未启动或已经销毁，它将无法清除 $_SESSION 数组。即使 session 不活跃，请使用 $_SESSION = [] 来删除所有 session 变量。

改进此页面

了解如何改进此页面 • 提交拉取请求 • 报告一个错误

＋添加备注

用户贡献的备注 3 notes

down

tim at leethost dot com ¶

12 years ago

I was having a problem clearing all session variables, deleting the session, and creating a new session without leaving old session stuff behind in all browsers.  The below code is perfect for a logout script to totally delete everything and start new.  It even works in Chrome which seems to not work as other browsers when trying do logout and start a new session.

<?php
    session_start();
    session_unset();
    session_destroy();
    session_write_close();
    setcookie(session_name(),'',0,'/');
    session_regenerate_id(true);
?>

down

jerry ¶

9 years ago

The difference between both session_unset and session_destroy is as follows:

session_unset just clears out the session for usage. The session is still on the users computer. Note that by using session_unset, the variable still exists. session_unset just remove all session variables. it does not destroy the session....so the session would still be active.

Using session_unset in tandem with session_destroy however, is a much more effective means of actually clearing out data. As stated in the example above, this works very well, cross browser. session_destroy is destroy the session. session_destroy() to kill all session information.....This is the more secure function to use.

down

christian+php at ¶

4 months ago

The solution provided by tim at leethost dot com is nice but you must check a active session first, because else you fill the logs with PHP Errors or Notices depending on your settings. I use it as a function, and it works smooth. 

```php
    /** @return void  */
    public static function sayonara():void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) :void
        {
            session_start();
            session_unset();
            session_destroy();
            session_write_close();
            setcookie(session_name(), '', 0, '/');
            session_regenerate_id(true);
        }        
    }

    sayonara();
```