refactor: remove $_SESSION

kenjis · kenjis · commit a5b2c56c108e · 2022-05-25T17:52:20.000+09:00
It is a bad practice to depend on global variables.
diff --git a/src/Authentication/Authenticators/Session.php b/src/Authentication/Authenticators/Session.php
@@ -655,15 +655,17 @@ public function logout(): bool
 
         // Destroy the session data - but ensure a session is still
         // available for flash messages, etc.
-        if (isset($_SESSION)) {
-            foreach (array_keys($_SESSION) as $key) {
-                $_SESSION[$key] = null;
-                unset($_SESSION[$key]);
+        /** @var \CodeIgniter\Session\Session $session */
+        $session     = session();
+        $sessionData = $session->get();
+        if (isset($sessionData)) {
+            foreach (array_keys($sessionData) as $key) {
+                $session->remove($key);
             }
         }
 
         // Regenerate the session ID for a touch of added safety.
-        session()->regenerate(true);
+        $session->regenerate(true);
 
         // Take care of any remember-me functionality
         $this->rememberModel->purgeRememberTokens($this->user);
