Date: 2020-03-22
The objective is to delete the id stored in the session after logout.
Note:
- session_start() has been called at the start of the request
- Error reporting is turned on
After using the usual unset, if I var_dump, it appears to have truly removed the id, yet the same id is available on subsequent requests to other routes. This doesn’t apply to unset alone, as I have observed when inserting on that request too:
    public function signout () {
        unset($_SESSION['login_id']);
        $_SESSION['jhg'] = 6778; // on next request to another route, this is nowhere to be found, while the login_id remains hale and hearty
        return [];
    }
The only way I was able to successfully clear the value was with this hack
    $eds = array_filter($_SESSION, function ($k) {
        return $k != 'login_id';
    }, ARRAY_FILTER_USE_KEY);
    $_SESSION = [];
    session_destroy();
    session_start();
    $_SESSION = $eds;
This works because I realized destroying the entire session is persisted across requests. That’s the only operation on the superglobal that works on this particular request/route. Altering the session elsewhere works just as the docs say. What could be going on?
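
A sign-out that removes only login_id, rotates the session id and forces the write, so a failed save shows up in the same request. This is an added example, not code from the original post; it assumes PHP 7.2 or later and the default session handler, and the report keys and demo values are illustrative.

```php
<?php
// Added example (not the poster's code). Assumes PHP >= 7.2 and the
// default session handler; signout() mirrors the name used in the post.

function signout(): array
{
    $report = [
        'status_before' => session_status(),   // PHP_SESSION_ACTIVE (2) expected
        'id_before'     => session_id(),
    ];

    if (session_status() !== PHP_SESSION_ACTIVE) {
        // After session_write_close() (or before session_start()), changes
        // to $_SESSION are not saved, so reopen before editing.
        session_start();
    }

    unset($_SESSION['login_id']);               // other keys are kept

    // New id for the logged-out state; true deletes the old session record,
    // so the pre-logout id can no longer be replayed.
    $report['regenerated'] = session_regenerate_id(true);
    $report['id_after']    = session_id();

    // Write now rather than at shutdown; false means the save handler
    // failed to store the data.
    $report['written'] = session_write_close();

    return $report;
}

if (PHP_SAPI === 'cli') {
    // Constructed demo values; run this file with the php CLI.
    session_start();
    $_SESSION['login_id'] = 42;
    $_SESSION['cart']     = ['sku-1'];

    $report = signout();

    session_start();                            // reload from the store
    $report['login_id_still_set'] = isset($_SESSION['login_id']);
    $report['cart_kept']          = $_SESSION['cart'] ?? null;
    var_dump($report);
}
```

If status_before is not PHP_SESSION_ACTIVE or written is false on the affected route, the change made in that request never reached the session store.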