What is the difference between session_unset() and session_destroy() in PHP?

From the php.net documentation:

> session_destroy — Destroys all data registered to a session

> session_unset — Free all session variables

My three part question is:

The two functions seem very similar.
What is really the difference between the two?

Both seem to delete all variables registered to a session. Does any of them actually destroy the session itself? If not, how do you accomplish this (destroy the session itself).

Is it correct that neither of the two functions deletes the session cookie at the client?

session_unset just clears the $_SESSION variable. It’s equivalent to doing:

$_SESSION = array();

So this does only affect the local $_SESSION variable instance but not the session data in the session storage.

In contrast to that, session_destroy destroys the session data that is stored in the session storage (e.g. the session file in the file system).

Everything else remains unchanged.

session_destroy(); is deleting the whole session.

session_unset(); deletes only the variables from session - session still exists. Only data is truncated.

session_unset();

> Just clear all data of all session variable.

session_destroy();

> Remove all session.

---

Example:

session_start();
session_destroy();     
$a = "1234";
$_SESSION[a] = $a;

> $_SESSION[a] is NULL.

session_start();
session_unset();     
$a = "1234";
$_SESSION[a] = $a;

> $_SESSION[a] is 1234.

So, I will use:

session_start();
session_destroy();   
session_start();  
$a = "1234";
$_SESSION[a] = $a;

session_unset() will clear the $_SESSION variable (as in array()), but it won't touch the session file. But when the script ends; the state of the $_SESSION will be written to the file. Then it will clear the file but won't delete it. When you use session_destroy() it won't touch $_SESSION (Use var_dump($_SESSION) after session_destroy()), but will delete the session file, so when script exits there won't be a file to write the state of the $_SESSION.

I tried to use session_unset($_SESSION['session_name']) thinking it will only unset specific or individual/single session name. But using session_unset($_SESSION['session_name']) will only unset all session name. The right code to use is only unset($_SESSION['session_name']) if you want to unset a single session name.

session_destroy() will delete the session after moving the page and session_unset() will delete session when the code is run.

session_start(); #it will create an virtual array (associative) in browser realtime memory

#two item added

> $_SESSION['me'] = "Yadab";  
> $_SESSION['you'] = "Avi";
>
> print_r($_SESSION); #will give, array( "me"=>"Yadab", "you"=>"Avi" )

#test1

> unset($_SESSION['me']); #only 'me' variable is removed fully (index & value) 
> print_r($_SESSION); #now the array is Array("you"=>"Avi")

#test2

> session_destroy(); #will unset the values of all session variables, but indexes exists 
> print_r($_SESSION); #Output, Array("you"=>undefined)
> #but some browser can store the value in cookies

#test3

> session_unset(); #will unset all the main variables not only the values 
> print_r($_SESSION); #that means session array is now empty, like Array()

#test block 1, 2, or 3 at individually by comment out others

I think session_destroy() and session_unset() should be used at the same time to make sure that session data is surely deleted.