You are here

public function SessionManager::destroy in Drupal 10

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()
  2. 9 core/lib/Drupal/Core/Session/SessionManager.php \Drupal\Core\Session\SessionManager::destroy()

File

core/lib/Drupal/Core/Session/SessionManager.php, line 226

Class

SessionManager
Manages user sessions.

Namespace

Drupal\Core\Session

Code

public function destroy() {
  if ($this
    ->isCli()) {
    return;
  }

  // Symfony suggests using Session::invalidate() instead of session_destroy()
  // however the former calls session_regenerate_id(TRUE), which while
  // destroying the current session creates a new ID; Drupal has historically
  // decided to only set sessions when absolutely necessary (e.g., to increase
  // anonymous user cache hit rates) and as such we cannot use the Symfony
  // convenience method here.
  session_destroy();

  // Unset the session cookies.
  $session_name = $this
    ->getName();
  $cookies = $this->requestStack
    ->getCurrentRequest()->cookies;

  // setcookie() can only be called when headers are not yet sent.
  if ($cookies
    ->has($session_name) && !headers_sent()) {
    $params = session_get_cookie_params();
    setcookie($session_name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    $cookies
      ->remove($session_name);
  }
}