Warning: session_destroy(): Trying to destroy uninitialized session with phpCas

Question

I am facing a problem today with the phpCas library https://wiki.jasig.org/display/CASC/phpCAS.

Problem is the following, when I try to use some logout function, I got the message

Warning: session_destroy(): Trying to destroy uninitialized session

After giving a quick look into the phpCas's library code, I manage to figure out where the problem comes from, here is a snippet of a logout function :

session_write_close();
header('Location: '.$cas_url);
phpCAS::trace("Prepare redirect to : ".$cas_url);
session_unset();
session_destroy();

The problem there it seems is that session_write_close() actually close the session then session_destroy() can't work.

Tried to put the session_write_close() in comment and worked like a charm but it leads to two questions :

• Is the problem really coming from there? Or should it work?

• If the problem do really come from there, why is it there and nobody complaining? Thought phpCas was a reknown library used by many.

Answer 1

Sounds like you checked out the master branch (2af859ff76) - just checked and it does have an error in it. You should:

• Check out one of the release branches, like 1.3-stable
• Log this bug with the author

Answer 2

As the manual suggests that "session_write_close — Write session data and end session" So you are getting fair warning. as Session has been closed already.

FYI

Answer 3

you need session_start(); before you can destroy it

also header("Location ...) is sending out headers so you can't close the session afterwards. do the redirect after closing the session