php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #49877 session_destroy example does not take session domain into account
Submitted: 2009-10-14 16:20 UTC Modified: 2009-11-13 20:49 UTC
From: php at dmi dot me dot uk Assigned:
Status: Closed Package: Documentation problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Developer Edit
 [2009-10-14 16:20 UTC] php at dmi dot me dot uk 
Description:
------------
Example on session_destroy() page is incorrect; it blindly assumes that the session cookie domain is the same as the hostname.

Reproduce code:
---------------
---
Example #1 from manual page: function.session-destroy#Examples
---


Expected result:
----------------
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), ini_get('session.cookie_domain'), time()-42000, '/');
}

Actual result:
--------------
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-11-13 20:48 UTC] svn@php.net 
Automatic comment from SVN on behalf of vrana
Revision: http://svn.php.net/viewvc/?view=revision&revision=290693
Log: Improve example (bug #49877)
 [2009-11-13 20:49 UTC] vrana@php.net 
Changed to:

if (ini_get("session.use_cookies")) {
	$params = session_get_cookie_params();
	setcookie(session_name(), '', time() - 42000,
		$params["path"], $params["domain"],
		$params["secure"], $params["httponly"]
	);
}
 [2009-11-13 20:49 UTC] vrana@php.net 
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved. 		Last updated: Tue Jun 16 20:00:02 2026 UTC