$session->destroy() throws exception

Why does this throw an exception?

PHP Code:

        $session = \Config\Services::session();
        $session_username = $session->get( 'session_username' );
        $session_login_time = $session->get( 'session_login_time' );
        $session_login_ip = $session->get( 'session_login_ip' );
        if ( ! empty( $session_username) && ! empty( $session_login_time )  && ! empty( $session_login_ip ) ) {
            error_log( basename( __FILE__ ) . ' (' . __FUNCTION__ . '): Session already active, re-directing to /' );
            return( $this->response->redirect( base_url() ) );
        }
        $ip_address = $this->request->getIPAddress();
        if ( empty( $ip_address ) ) {
            error_log( basename( __FILE__ ) . ' (' . __FUNCTION__ . '): Missing or invalid IP address "' . $ip_address . '", re-directing' );
            $session->destroy();
            return( $this->response->redirect( base_url() ) );
        }
        // .. code continues 


---

It throws an exception ("session_destroy(): Trying to destroy uninitialized session") when it gets to $session->destroy().

But if it's an uninitialized session, why doesn't it throw the exception sooner?

I honestly don't think the destroy() call should throw an exception. I have several blocks of code that do cleanup and then re-direct, so I add a destroy() call inside each of those blocks. I can't see anywhere in the PHP reference that session_destroy() in itself would ever throw an exception.

-joho

You are assigning variables to session variables that may not exist. If that session variable does not exist you will get an exception. If you are running Codeigniter in development mode, the displayed webpage would likely highlight the problem line of code.

You are assigning variables to session variables that may not exist. If that session variable does not exist you will get an exception.  If you are running Codeigniter in development mode, the displayed webpage would likely highlight the problem line of code.

Not sure I understand what you mean.

$session->get() will not throw an exception if the requested key name does not exist, it will simply return "nothing".

The exception points to $session->destroy(), as I outlined above.

-joho

Cannot reproduce.

I see "$session_username null".

PHP Code:

<?php

namespace App\Controllers;

class Home extends BaseController
{
    public function index(): string
    {
        $session            = \Config\Services::session();
        $session_username  = $session->get('session_username');
        $session_login_time = $session->get('session_login_time');
        $session_login_ip  = $session->get('session_login_ip');
        $session->destroy();

        dd($session_username);
    }
} 


ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

Interesting. And what happens if you add one more call to $session->destroy()?

-joho

Oh, I got your problem!
It is your miscoding.
You cannot destroy uninitialized session.
PHP causes an error (Warning), and CI4 make all errors into Exceptions.

If you want to destroy Session, you must start the session.

PHP Code:

        $session = \Config\Services::session();
        $session->destroy();

        $session->start();
        $session->destroy(); 


ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper