Invalidating a session in PHP

People tend to forget that the HTTP protocol is STATELESS.

Warning: Immediate session deletion may cause unwanted results.

This results in the client creating many session IDs needlessly.

To avoid this, set a deletion timestamp in $_SESSION and reject access a while later.
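One way to implement the deletion timestamp described above, as an added example that is not code from the original page. The `destroyed_at` and `user_id` keys, the 30-second grace window and the function names are assumptions.

```php
<?php
// Added example. 'destroyed_at', 'user_id', GRACE_SECONDS and the function
// names are assumptions chosen for illustration.
const GRACE_SECONDS = 30; // how long requests already in flight may still use the old ID

// Log out without deleting the session at once: drop the data, keep a marker.
function logout(): void
{
    $_SESSION = ['destroyed_at' => time()];
    session_write_close(); // persist the marker under the current session ID
}

// Remove session data, the cookie and the server-side storage.
function destroy_session_fully(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call at the top of every request. Returns the logged-in user ID or null.
function current_user(): ?int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (isset($_SESSION['destroyed_at'])) {
        if ($_SESSION['destroyed_at'] < time() - GRACE_SECONDS) {
            destroy_session_fully(); // marked session presented after the window: reject
        }
        return null; // a marked session never authenticates, even inside the window
    }
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}
```

Because the marked session carries no user data, a request that reuses the old ID inside the grace window is treated as anonymous rather than causing an immediate cookie deletion.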

What I discovered is that clearing $_SESSION and removing the cookie destroys the session, hence the warning.

A session can always be created by logging back in, so should I bother about the use of session_destroy() and use unset($_SESSION['variable']) instead?
