function SessionManager::destroy

Same name and namespace in other branches
  1. 9 core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
  2. 8.9.x core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
  3. 11.x core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()

Destroys the current session and removes session cookies.

Overrides SessionManagerInterface::destroy

1 call to SessionManager::destroy()
SessionManager::save in core/lib/Drupal/Core/Session/SessionManager.php

File

core/lib/Drupal/Core/Session/SessionManager.php, line 249

Class

SessionManager
Manages user sessions.

Namespace

Drupal\Core\Session

Code

public function destroy() {
  if ($this->isCli()) {
    return;
  }
  // Symfony suggests using Session::invalidate() instead of session_destroy()
  // however the former calls session_regenerate_id(TRUE), which while
  // destroying the current session creates a new ID; Drupal has historically
  // decided to only set sessions when absolutely necessary (e.g., to increase
  // anonymous user cache hit rates) and as such we cannot use the Symfony
  // convenience method here.
  session_destroy();
  // Unset the session cookies.
  $session_name = $this->getName();
  $cookies = $this->requestStack->getCurrentRequest()->cookies;
  // setcookie() can only be called when headers are not yet sent.
  if ($cookies->has($session_name) && !headers_sent()) {
    $params = session_get_cookie_params();
    setcookie($session_name, '', $this->time->getRequestTime() - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    $cookies->remove($session_name);
  }
}
