public function SessionManager::destroy in Drupal 10
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
- 9 core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
File
- core/
lib/ Drupal/ Core/ Session/ SessionManager.php, line 226
Class
- SessionManager
- Manages user sessions.
Namespace
Drupal\Core\SessionCode
public function destroy() {
if ($this
->isCli()) {
return;
}
// Symfony suggests using Session::invalidate() instead of session_destroy()
// however the former calls session_regenerate_id(TRUE), which while
// destroying the current session creates a new ID; Drupal has historically
// decided to only set sessions when absolutely necessary (e.g., to increase
// anonymous user cache hit rates) and as such we cannot use the Symfony
// convenience method here.
session_destroy();
// Unset the session cookies.
$session_name = $this
->getName();
$cookies = $this->requestStack
->getCurrentRequest()->cookies;
// setcookie() can only be called when headers are not yet sent.
if ($cookies
->has($session_name) && !headers_sent()) {
$params = session_get_cookie_params();
setcookie($session_name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
$cookies
->remove($session_name);
}
}