The documentation says session_destroy () "destroys all of the data
associated with the current session". Um, like what?
The docs further say that you should remove all information in the _SESSION
global with $_SESSION = array() and you should use setcookie() to set the
session cookie to a blank value. Having done those, what does that leave
session_destroy () to do?
The page at http://au2.php.net/manual/en/functio...on-destroy.php
bandies about terms like "Unset all of the session variables", "If it's
desired to kill the session..." and "destroy the session" without actually
explaining them. That last one is used in the context of a call to
setcookie() and then again in the context of a call to session_destroy ().
My current code, which I need to be as secure as possible, doesn't call
session_destroy () because I can't see what it does. Can someone enlighten
me?
--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : <a
href="http://www.derekfounta in.org/">Derek Fountain</a>