session - What additional value does session_destroy bring when I am using session_regenerate_id(true) in PHP? -

i've been reading manual , various pages on web including lot's of questions here on so. however, i've still not been able head around concept of session_destroy() in php in conjunction other means of unsetting session data.

consider site never registers session variables outside $_session superglobal array.

session_start(); $_session = array(); session_regenerate_id(true); // new cookie + old session file on server deleted session_destroy();  // php here not done above? 

please note have built working login-logout scripts years. question not getting things work, want understand exactly happening.

(a lot of answers here on use session_unset() unsets registered variables. however, never use session_register(), seems redundant.)

let's go source. literally.

session_destroy() , session_regenerate_id() both implemented in ext/session/session.c in php source. it's obvious quick reading if pass true session_regenerate_id, calls s_destroy on underlying session save handler, exact same call 1 made session_destroy. behaviour has remained same since @ least 2005, according svn blame.

session_destroy make 2 additional calls php_rshutdown_session_globals , php_rinit_session_globals. among other things, causes session_destroy() call close function in save handler, done automatically when request has completed, anyway (see php_rshutdown_function). resets session inactive state (like before calling session_start), can seen calling session_status() (introduced in php 5.4).

the take away of never have call session_destroy before calling session_regenerate_id(true). however, if want reset session, still have call after, because otherwise session still active, , current contents of $_session written storage save handler when request has finished.