You can unset session variable using:
session_unset- Frees all session variables (It is equal to using:$_SESSION = array();for older deprecated code)unset($_SESSION['Products']);- Unset only Products index in session variable. (Remember: You have to use like a function, not as you used)session_destroyโ Destroys all data registered to a session
To know the difference between using session_unset and session_destroy, read this SO answer. That helps.
You can unset session variable using:
session_unset- Frees all session variables (It is equal to using:$_SESSION = array();for older deprecated code)unset($_SESSION['Products']);- Unset only Products index in session variable. (Remember: You have to use like a function, not as you used)session_destroyโ Destroys all data registered to a session
To know the difference between using session_unset and session_destroy, read this SO answer. That helps.
I am including this answer in case someone comes to this page for the same reason I did. I just wasted an embarrassing amount of time trying to track the problem down. I was calling:
unset($_SESSION['myVar']);
from a logout script. Then navigating to a page that required login, and the server still thought I was logged in. The problem was that the logout script was not calling:
session_start();
Unsetting a session var DOES NOT WORK unless you start the session first.
Videos
Unset will destroy a particular session variable whereas session_destroy() will destroy all the session data for that user.
It really depends on your application as to which one you should use. Just keep the above in mind.
unset($_SESSION['name']); // will delete just the name data
session_destroy(); // will delete ALL data associated with that user.
Something to be aware of, the $_SESSION variables are still set in the same page after calling session_destroy() where as this is not the case when using unset($_SESSION) or $_SESSION = array(). Also, unset($_SESSION) blows away the $_SESSION superglobal so only do this when you're destroying a session.
With all that said, it's best to do like the PHP docs has it in the first example for session_destroy().
Try using wp_doing_ajax() like so:
function unset_filter_session() {
if ( ! wp_doing_ajax() ) {
//Reset sessions on refresh page
unset( $_SESSION['expenditure_filter'] );
}
}
UPDATE
You can check the answer's revision for this update part..
UPDATE #2
Sorry, I didn't realize that you're loading a page fragment (#content-area) using the jQuery.load() method. Or that you're not using the admin-ajax.php to handle the AJAX request.
So if you're not using the wp_ajax_{action} or wp_ajax_nopriv_{action} action, or with the way you do the AJAX request, you can check whether the X-Requested-With header is set and that its value is XMLHttpRequest, and if so, you can cancel the session unsetting, like so:
function unset_filter_session() {
if ( empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) ||
'XMLHttpRequest' !== $_SERVER['HTTP_X_REQUESTED_WITH'] ) {
//Reset sessions on refresh page, if not doing AJAX request
unset( $_SESSION['expenditure_filter'] );
}
}
That should work because jQuery always sets that header, unless you explicitly remove it โ or change its value.
See the headers option on the jQuery.ajax() reference:
The header
X-Requested-With: XMLHttpRequestis always added, but its defaultXMLHttpRequestvalue can be changed
Note: The header name is X-Requested-With, but in the superglobal $_SERVER, its key is HTTP_X_REQUESTED_WITH. I.e. Don't use $_SERVER['X-Requested-With'].
UPDATE #3
As suggested by Lawrence Johnson, you (ahem, we) should use filter_input():
function unset_filter_session() {
if ( 'XMLHttpRequest' !== filter_input( INPUT_SERVER, 'HTTP_X_REQUESTED_WITH' ) ) {
//Reset sessions on refresh page, if not doing AJAX request
unset( $_SESSION['expenditure_filter'] );
}
}
(but I kept the previous code for reference)
One thing you could consider doing is adding a header variable to your AJAX requests. Even a GET or POST param would likely to the trick. Perhaps something like this:
/**
* Unset filter session if page get's reloaded
*/
add_action( 'wp', 'unset_filter_session' );
function unset_filter_session() {
//Reset sessions on refresh page
if (!filter_input(INPUT_POST, 'isContentLoader', FILTER_SANITIZE_NUMBER_INT)) {
unset( $_SESSION['expenditure_filter'] );
}
}
And then
jQuery('#content-area').load(location.href + ' #content-area>*', { isContentLoader: 1 });
I have a web app that has a simple login using PHP sessions, along with a data processing component that retrieves and passes data from the web page back to server using PHP sessions to maintain the "conversation" or prior messages between requests.
Both technically worked fine in tandem when I first added, it's just that a user got kicked out following each completion of the AJAX session workflow. The login session was destroyed each time I called session_destroy().
I now just unset the specific session variables that were used in the AJAX workflow rather than calling session_destroy() - this is however still called in the login workflow when someone logs out. Although it's now all working as I want, are there any potential issues with this approach?