Warning: session_destroy(): Trying to destroy uninitialized session

14
votes

my class.inc file:

<?php
class logout{
    public function logout(){
        $_SESSION = array();
        if (ini_get("session.use_cookies")) {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params["httponly"]);
        }
        session_destroy();
    }   
}

?>

used code for my logout:

session_start();
require($path."include/class.inc");
if(!empty($_GET['logout'])){
    $object=new logout();
    $object->logout();
    $content='5;url='.$path.'index.php';
}

When the logout function is called, it destroys the session, but shows the warning:

Warning: session_destroy(): Trying to destroy uninitialized session in class.inc on line 9

I am unable to troubleshoot, as the session is not being destroyed by any other means before the session_destroy() of class.inc.

7
phpsession
Where are you starting the session? - Tobias Golbs
This error warning comes when there is not any session started. - Rohit Choudhary
i'm starting the session in each page at the top just after <?php with session_start(); - RatDon
Also at your logout page? - Tobias Golbs
@TobiasKun my logout is on same page only. it's inside a head.inc file which is included in every page. - RatDon

7 Answers

38
votes

You have to call the function mentioned below at the top your logout function in the logout class.

session_start();

Add the above function and try it out. If you don’t start the session at the top of your file, it will throw exceptions like “headers already sent”, “can’t start the session”, etc.

13
votes

This error is common when you haven't started the session beforehand

if (!isset($_SESSION))
  {
    session_start();
  }
2
votes

I encountered the session_destroy() error message when I started using session_write_close(). To determine if session_destroy() should be called or not, I had to do the following:

class Session {
    public static function start() {
        self::$haveSession = true;
        session_start();
    }
    public static function finish() {
        session_write_close();
        self::$haveSession = false;
    }
    public static function clear() {
        if (self::$haveSession) {
            session_unset();
            session_destroy();
        }
    }
}

In PHP >= 5.4 it should work to replace if (self::$haveSession) with if(session_status() === PHP_SESSION_ACTIVE).

2
votes

https://www.php.net/manual/en/function.session-status.php

if (session_status() === PHP_SESSION_ACTIVE)
        session_destroy();
1
votes

You can add this code to start a session if it didn't start before

if(!session_id()) {
    session_start();
}
0
votes

Start your session session_start(); and you can destroy your session

    <?php
    session_start();
    class logout{
        public function logout(){
            $_SESSION = array();
            if (ini_get("session.use_cookies")) {
                $params = session_get_cookie_params();
                setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params["httponly"]);
            }
            session_destroy();
        }   
    }

?>
0
votes

You'll have to call session_start() before you call session_destroy();

Are you storing session in data in files or in a database. If you are storing it in a database, I normally just delete the record from the session table that corresponds to the session id, that way you don't have to unregister each session var and it actually deletes the whole session.