Ways to End Sessions: What's the Difference?

[LearningNerd]

OK, so there are apparently a few ways to end sessions or delete session data, and I'm having trouble finding a simple explanation of what the difference is between them. Here's an example of each method I've seen:

Code:

<?php

unset($_SESSION); // method one

$_SESSION = array(); // method two

session_destroy(); // method three

setcookie(session_name(), "", time()-3600); // method four

?>

How is each method different? Which should you use when? Which method(s) do you personally prefer to use and why?

Thanks for your help!

[mlseim]

I'm not enough of a PHP expert to know the exact differences.

But this is the method I usually use:
(where "user" is the session name I registered)

<?php
session_start();
session_unregister(user);
header ("location: index.php");
?>


It unregisters the sessions and returns to the index page.
The script is usually called by a log-out button or link.

[Steax]

AFAIK...

1 & 2 are the same. Method 1 (unsetting) removes the contents of a variable (but removing the type of a special variable might be unsafe) while method 2 resets it as a blank array.

Method 3 replaces the session ID.

Method 4 works by changine your computer's session ID in its cookies. I'm not so sure on this one.

I usually just unset individual session variables. Like

PHP Code:

$_SESSION['somevar'] = false; 


[Shadowfiend]

Basically, 1 & 2 don't `end' the session -- they just reset the server's variables associated with it. 3 replaces the session id, so it doesn't end the session; it just changes it to a new, fresh one with no variables associated with it. And 4 will actually clear the session id, which basically disassociates that computer from any session, which is the closest I suppose you get to actually `ending' the session, as the client computer is then no longer associated with any session.