function SessionManager::destroy

Same name in other branches
  1. 8.9.x core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
  2. 10 core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
  3. 11.x core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()

Overrides SessionManagerInterface::destroy

1 call to SessionManager::destroy()
SessionManager::save in core/lib/Drupal/Core/Session/SessionManager.php

File

core/lib/Drupal/Core/Session/SessionManager.php, line 244

Class

SessionManager
Manages user sessions.

Namespace

Drupal\Core\Session

Code

public function destroy() {
    if ($this->isCli()) {
        return;
    }
    // Symfony suggests using Session::invalidate() instead of session_destroy()
    // however the former calls session_regenerate_id(TRUE), which while
    // destroying the current session creates a new ID; Drupal has historically
    // decided to only set sessions when absolutely necessary (e.g., to increase
    // anonymous user cache hit rates) and as such we cannot use the Symfony
    // convenience method here.
    session_destroy();
    // Unset the session cookies.
    $session_name = $this->getName();
    $cookies = $this->requestStack
        ->getCurrentRequest()->cookies;
    // setcookie() can only be called when headers are not yet sent.
    if ($cookies->has($session_name) && !headers_sent()) {
        $params = session_get_cookie_params();
        setcookie($session_name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
        $cookies->remove($session_name);
    }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.