
How to Destroy Session in PHP: Complete Guide

To destroy a session in PHP, use session_start() to begin the session, then call session_unset() to clear session variables and session_destroy() to end the session. This removes all session data and invalidates the session ID.

Syntax

Here is the typical syntax to destroy a session in PHP:

  • session_start(): Starts or resumes the current session.
  • session_unset(): Clears all session variables.
  • session_destroy(): Destroys the session data on the server.

Optionally, you can also clear the session cookie to remove the session ID from the browser.

php
<?php
session_start();       // Start the session
session_unset();       // Remove all session variables
session_destroy();     // Destroy the session data

// Optional: Clear the session cookie
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
?>

Example

This example shows how to start a session, set a variable, then destroy the session and clear the cookie. It prints messages before and after destroying the session.

php
<?php
// Start session and set a variable
session_start();
$_SESSION['user'] = 'Alice';
// Collect the message instead of echoing it now: setcookie() below
// can only send its header before any output has gone to the browser
$output = "Session started. User: " . $_SESSION['user'] . "<br>";

// Destroy session
session_unset();
session_destroy();

// Clear session cookie
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

$output .= "Session destroyed.";
echo $output;
?>
Output
Session started. User: Alice Session destroyed.

Common Pitfalls

Common mistakes when destroying sessions include:

  • Not calling session_start() before trying to destroy the session.
  • Forgetting to clear session variables with session_unset(), which leaves data accessible.
  • Not removing the session cookie, so the browser keeps sending the old session ID.
  • Calling session_destroy() but still accessing $_SESSION variables afterward.

Always start the session first, then clear variables, destroy the session, and finally clear the cookie.

php
<?php
// Wrong way: missing session_start()
// session_destroy(); // This will not work properly

// Right way:
session_start();
session_unset();
session_destroy();
?>
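
The pitfalls listed above, handled in one logout helper. This is an added example, not code from the original page; `end_session()` and the `/login.php` redirect target are assumed names, and the array form of `setcookie()` requires PHP 7.3 or later.

```php
<?php
/**
 * Added example: end the current session completely.
 * Returns true when the browser-side cookie was also dealt with.
 * end_session() is a hypothetical helper name, not a PHP built-in.
 */
function end_session(): bool
{
    // Pitfall: the session must be active before it can be destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE && !session_start()) {
        return false;
    }

    // Pitfall: empty the data so nothing stays readable in this request.
    $_SESSION = [];

    // Pitfall: expire the cookie, reusing the attributes it was set with.
    // If cookies are not used for sessions there is nothing to clear.
    $cookieCleared = !ini_get('session.use_cookies');
    if (!$cookieCleared && !headers_sent()) {
        $p = session_get_cookie_params();
        $options = [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ];
        if (!empty($p['samesite'])) {
            $options['samesite'] = $p['samesite'];
        }
        $cookieCleared = setcookie(session_name(), '', $options);
    }

    // Remove the session data stored on the server.
    session_destroy();

    return $cookieCleared;
}

// Usage in a logout script: call before any output, then redirect.
if (end_session()) {
    header('Location: /login.php'); // assumed path
    exit;
}
echo 'Logged out, but the session cookie could not be cleared.';
```

The `headers_sent()` check matters because a cookie header can no longer be sent once output has started, which would leave the browser sending the old session ID.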

Quick Reference

Summary tips for destroying a PHP session:

  • Always call session_start() before manipulating sessions.
  • Use session_unset() to clear all session variables.
  • Call session_destroy() to remove session data on the server.
  • Clear the session cookie to remove the session ID from the browser.
  • Do not access $_SESSION after destroying the session.

Key Takeaways

  • Always start the session with session_start() before destroying it.
  • Use session_unset() to clear session variables before calling session_destroy().
  • Call session_destroy() to remove session data on the server.
  • Clear the session cookie to fully remove the session from the client side.
  • Avoid accessing $_SESSION variables after destroying the session.