session_destroy() doesn't work

Anon

When I use function session_destroy(), I have found that it still exists.(The session file like this sess_1983.....) In php.ini, session.use_cookies= 1
session.cookie_lifetime= 0
So I guess the session will expire after the browse is closed even if session_destroy() is called. Perhaps it is a bug. Any better method to destroy the session?

Anon

session_destroy() does not "destroy" the session by deleting the sess_XXX... file you see in /tmp. It only destroys the all the variables, data associated with the current session.

I am not positive what actually goes out and clean up all the sess_XXX.... files. If you don't want to see any sess_XXX files, there are actually two other ways to handle this. In your php.ini file, there should be a variable called session.save_handler. For your case, it's probably set to "files". If you change it to "mm", all the sessions will be saved to shared memory instead of file. Or, if you want to save the session data in a database, you can use "user" instead of "files". Check out this article on how to use mysql to store your sessions:

http://phpbuilder.org/columns/ying20000602.php3

Anon

A garbage collection routine runs 1% of the time and deletes all the old session files.