Invalidating session in php
No way is guaranteed to work (across all major browsers and their different versions).Your connection could be dropped, or power go down which would make any 'on Close' event unreliable.Because it's quite useful for functionality of force an user offline.1.If you're using db or memcached to manage session, you can always delete that session entry directly from db or memcached.2.Or make sure your application does not have concurrent requests.
Although current session module does not accept empty session ID cookie, but immediate session deletion may result in empty session ID cookie due to client(browser) side race condition.While this approach will work in a simple scenario a couple of points should be addressed before you begin implementation. Otherwise maintenance of hundreds or thousands of connections via polling will do more harm than good.destroys all of the data associated with the current session.But, the function is also called when the user refreshes the page.I have also considered using the interface Disposable Bean but its dispose() method is also called when the browser is refreshed.
What I discovered is that clearing $_SESSION and removing the cookie destroys the session, hence the warning.