CodeIgniter sess_destroy not working, session not deleting

CodeIgniter uses cookies for session management by default, therefore you can’t use any native commands to help you out with session handling. Using the native PHP session, you can destroy the session in one line and follow it up with another line that expects the session to be cleared.

This cannot be done with CodeIgniter’s sess_destroy. This usage is typical in user authentication, here is an example scenario:

1. User lands on login page without properly logging out, so their session variables still exist
2. The session is cleared in order to insure proper session data population
3. Display the login form to the user

With the native PHP session management at step 3, the session would be cleared. This isn’t the case with CodeIgniter’s session class because it uses cookies.

Credit can be given, as you can find the following in the Session Class documentation:
This function should be the last one called…

However, it doesn’t explain why this should be last function called. The explanation for this can be found in the PHP docs:

Cookies will not become visible until the next loading of a page that the cookie should be visible for.

How does this relate to our issue with the sess_destroy function not destroying the function?
The sess_destroy is actually destroying the session, but it can’t be seen until the next page load.

This means that a redirect needs to be done after the sess_destroy in order to continue processing after destroying the session.

~ by ityndall on August 16, 2011.

Leave a Reply