Error while destroying session in PHP

I am having problem in session handling in PHP(version 5.2.10). I am using the below mentioned functions for login, logout and validating sessions.

login()
{
    session_set_cookie_params(0);
    session_start();
    session开发者_开发知识库_regenerate_id(true);
    $_SESSION['user_id']
}

validate_session()
{
    session_set_cookie_params(0);
    session_start();
    if (isset($_SESSION['user_id']) === FALSE) {
        session_destroy();
        logout();
        header("Location: login_page");
    }
}

logout()
{
    session_set_cookie_params(0);
    session_start();
    $_SESSION = array();
    setcookie(session_name(), '', time() - 3600, '/');
    session_destroy();
}

Every page first makes a call to validate_session() function. If session invalid it redirects to the login page. login() function is used for creating the session for the user. When user clicks logout, the logout() function is called to destroy the session.

The problem is: randomly the logout() function throws the warning:

Warning: session_destroy(): Session object destruction failed

I am getting this warning very infrequently. Like out of 20-30 calls to logout, I get it once. Any thoughts?

I am developing on a windows xp machine.

Update: The sessions are stored in file-system.

Path: C:\WINDOWS\Temp

Is logout() called elsewhere than in validate_session() ? If not, the problem might be the call to session_destroy() before logout()

You could try this:

validate_session()
{
    session_set_cookie_params(0);
    session_start();
    if ( !isset( $_SESSION['user_id'] ) ) {
        logout();
        header("Location: login_page");
    }
}

logout()
{
    $_SESSION = array();
    setcookie(session_name(), '', time() - 3600, '/');
    session_destroy();
}

Found something which might be useful on this topic. The basic concerns are:

1. Whether the session is valid to begin with -- what is the return value from session_start()?
2. Whether the session files exist in the PHP.ini session.save_path and can be deleted.

I suspect in your case it is the first one. I don't remember where but I think I've seen the case where the session invalidated itself and then tried to repeat the process for some reason.

How are you storing your sessions? If it is file based it may be a timeout or permissions error?

Also, i wonder if the regenerate_id is causing the destroy function to look for a session that isn't technically there anymore. Have you tried setting that boolean argument to false in the regenerate function?

We had this issue on a CakePHP app, but we corrected it by jiggering with the Cake settings.