+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: sess_destroy bug (/showthread.php?tid=17637)
sess_destroy bug - El Forum - 04-10-2009
[eluser]KingSkippus[/eluser]
Okay, at the risk of sounding a bit presumptuous, shouldn't sess_destroy() also wipe the userdata variable? For example, right now, if I run the following code:
Code:
$this->session->set_userdata('foo', 'monkey');
$this->session->sess_destroy();
echo "Userdata 1: ".(
$this->session->userdata('foo') === FALSE
? 'not set'
: $this->session->userdata('foo')
);It outputs "monkey," even though I explicitly told it to destroy the session that I had set up. This doesn't make sense to me.
I would recommend the following change be made to Session.php:
Code:
/**
* Destroy the current session
*
* @access public
* @return void
*/
function sess_destroy()
{
// Kill the session DB row
if ($this->sess_use_database === TRUE AND isset($this->userdata['session_id']))
{
$this->CI->db->where('session_id', $this->userdata['session_id']);
$this->CI->db->delete($this->sess_table_name);
}
// Kill the cookie
setcookie(
$this->sess_cookie_name,
addslashes(serialize(array())),
($this->now - 31500000),
$this->cookie_path,
$this->cookie_domain,
0
);
// Destroy the userdata structure (this is the new line...)
$this->userdata = array( );
}If that change is made, then the above code would output "not set," which is what I would expect.
sess_destroy bug - El Forum - 04-10-2009
[eluser]elvix[/eluser]
if the session is stored in the db (and maybe even in cookie, not sure), you're probably gonna need to reload the page before seeing the updated session data (i.e, destroyed).