If you rely on sessions in your application, just one call to session_destroy(), like that without any arguments, all your storage is reset. Doesn’t matter if it’s a shopping cart, logged in user’s surfing session, message alert, et cetera.

The only viable solution is to user namespaces like$_SESSION['userSession'] (with loggedInSince as possible key), $_SESSION['shoppingCart'] like such:

  • product
    • id => 4
    • quantity => 5

Thus, session_destroy() becomes unset($_SESSION['namespace']).