Session::destroy() now also removes session data from cookie

3e255e54 · Taddeus Kroes · 5614a4de · 3e255e54 · 3e255e54
Commit 3e255e54 authored 12 years ago by Taddeus Kroes
--- a/session.php
+++ b/session.php
@@ -92,11 +92,23 @@ class Session implements Singleton {
 		$_SESSION = array();
 	}
 	
-	function destroy($clear=false) {
+	function destroy($clear=true) {
+		// Delete session
+		session_destroy();
+		
+		// Clear session variables
 		if ($clear)
 			$this->clear();
 		
-		session_destroy();
+		// Delete session cookie
+		if (ini_get('session.use_cookies')) {
+			$params = session_get_cookie_params();
+			setcookie(session_name(), '', time() - 42000, $params['path'],
+				$params['domain'], $params['secure'], $params['httponly']);
+		}
+		
+		// Delete reference to instance so that the next getInstance() call
+		// will start a new session
 		self::$instance = null;
 	}
 }

--- a/tests/test_session.php
+++ b/tests/test_session.php
@@ -72,9 +72,6 @@ class SessionTest extends SingletonTestCase {
 		$old_id = session_id();
 		$this->session->regenerateId();
 		$this->assertNotEquals($old_id, session_id());
-		
-		// Disable output buffering to show progress on other tests
-		@ob_end_flush();
 	}
 	
 	function testClear() {
@@ -83,17 +80,12 @@ class SessionTest extends SingletonTestCase {
 		$this->assertEmpty($_SESSION);
 	}
 	
-	function testDestroySimple() {
-		$this->session->destroy();
-		$this->assertEquals('', session_id());
-	}
-	
 	/**
 	 * @depends testClear
 	 */
 	function testDestroyClear() {
 		$_SESSION['foo'] = 'bar';
-		$this->session->destroy(true);
+		$this->session->destroy();
 		$this->assertEmpty($_SESSION);
 		$this->assertEquals('', session_id());
 	}