function SessionManager::destroy
Same name in other branches
- 8.9.x core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
- 10 core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
- 11.x core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
Overrides SessionManagerInterface::destroy
1 call to SessionManager::destroy()
- SessionManager::save in core/
lib/ Drupal/ Core/ Session/ SessionManager.php
File
-
core/
lib/ Drupal/ Core/ Session/ SessionManager.php, line 244
Class
- SessionManager
- Manages user sessions.
Namespace
Drupal\Core\SessionCode
public function destroy() {
if ($this->isCli()) {
return;
}
// Symfony suggests using Session::invalidate() instead of session_destroy()
// however the former calls session_regenerate_id(TRUE), which while
// destroying the current session creates a new ID; Drupal has historically
// decided to only set sessions when absolutely necessary (e.g., to increase
// anonymous user cache hit rates) and as such we cannot use the Symfony
// convenience method here.
session_destroy();
// Unset the session cookies.
$session_name = $this->getName();
$cookies = $this->requestStack
->getCurrentRequest()->cookies;
// setcookie() can only be called when headers are not yet sent.
if ($cookies->has($session_name) && !headers_sent()) {
$params = session_get_cookie_params();
setcookie($session_name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
$cookies->remove($session_name);
}
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.