Is this a proper way to destroy all session data in php?

Question

Got it from php.net, but I am not sure is this how everybody destroy all sessions?

// Unset all Sessions
$_SESSION = array();

if (isset($_COOKIE[session_nam         


        

Answer 1

To destroy a single session, you should use the following:-

session_destroy();

Assuming you've used session_start() to previously start/resume a session.

Destroying all sessions really depends on your setup, and how you're handling sessions.

For most PHP installs, the session handling is done via files, so the best way would be to find the folder that keeps all the sessions (usually found from session_save_path()), and delete all the files under that.

I think though, the best way to handle this might be to pre-emptively set a timestamp in each session you create. This means that you can then compare that timestamp to a set point (the time when you want to invalidate all sessions) and invalidate the session if it's before that time. This also means that you can do things like set a specific timeout for a session, etc etc.

Another way might be to change to use Database Stored Sessions - you can find a good tutorial for this here