PHP4/NT4/IIS4 Sessions - need help destroying

Anon

Ouch... Losing all of the tips, code, and experience that was on this site is nothing short of tragic. Combing through it all had become a daily ritual of mine. I've learned so much from this site...

WIth that said, I guess I'll share my current challenge (or ignorance) to get things rolling again. I'm using NT4, IIS4, and PHP4 for a new project. I'm trying to use PHP's new session management features and they are working just fine; that is, until I try to destroy the session. No matter what I've tried, I can't destroy the session or even unregister the session variables I've set using the session functions. Sessions will timeout and the garbage collection routine will clean them off, but I can't seem to explicitly destroy a session when, for instance, someone logs off the application. It's really odd because all of the other session functions/features are working as expected.

Anyone else experienced this?

Thanks
st

Anon

I do not use WinNT or IIS, so I can only give some ideas from what I observed from people having similar problems.
Do you know if your web server is caching the information somehow? Are you using files for the session control, or a database?

Good luck

Anon

I'm using files for the session control, so I've been watching the directory where they are written to see what's happening. They're are created and updated appropriately during the life of a session, but when I use session_destroy() the files are not removed. They are removed, however, by the garbage collection routine. It's really frustrating because all other behavior is as expected.

I appreciate the suggestion on checking out server caching, but that does not appear to be the problem.

I just loaded a Linux box, so I'm going to try the code there to see if it's just an NT/IIS issue. Unfortunately, I can't use that platform when I implement.

Thanks
st

Anon

Seems to be more than just a Platform issue - I am using PHP4 on a Linux box and session_destroy() doesn't seem to be doing much for me either. Very frustrating as I NEED to ensure that a new session is created upon login.

Any suggestions for a work-around that would do the same thing as session_destroy()?

Anon

I'm still having this problem, too.

What I've been doing that seems to provide a workaround on NT is explicitly set each registered session variable to an empty string or 0 (as appropriate), re-register them all, and then call setcookie(SID) to destroy the client's cookie. This is working great for me, but it does leave garbage session files on the server until the garbage collection routine cleans them up.

Sloppy solution, but it works!

Good luck! - st

Anon

Shannon Terry,

Please, please, please show me the code you're talking about to set the session variables and destroy the client cookie.

Anon

Here's a quick example of how you might try to kill your sessions if you can't get session_destroy to work. Be sure to experiment thoroughly, and good luck!!

<pre>
function user_logout() {
// Simple example assuming that cookie sent to client is PHPSESSID (default)
// $session_user is a string representing a userid of a client user and was
// previously registered using session_register... but now it is time to logout

// here are various ideas to get around session_destroy
// 1. explicitly set $session_user to empty string and re-register
$session_user='';
session_register('session_user');

// 2. you can do this if session_unregister works for you
session_unregister('session_user');

// 3. try using session_unset() which should clear all session variables
session_unset();

// destroy the client cookie by calling setcookie with name argument only
setcookie("PHPSESSID");
}
</pre>