09-14-2016, 12:06 PM
Thanks for the quick reply. I have incentive to get this right the first time since I'm working on US5 code, so myself "just being right" doesn't help anything. I had a flakey internet connection yesterday when I was working on this, and that may have impacted some of the behaviors I was seeing.
I have removed the $user->isLoggedIn() check and the redirect, and "in general" things are still working as expected. That being said, when I am not logged in, and I wait the session_timeout duration of 10 seconds (usually 15 or 20 seconds to be safe), I saw yesterday, and occasionally today, that I would get a token mismatch error when I would try to go immediately to login. The second behavior I saw was that while logged out, if the session timed out, my next mouse click would not take me to the right page, though it has not been consistent that I have seen that.
On another side, I figured that the session doesn't need to be destroyed when no one is logged in, so it would not accomplish anything to destroy the session when a user isn't logged in. But I don't have anything firm supporting that.
Lastly, when I was looking at it yesterday, I recalled seeing a Stack Exchange discussion indicating that those session unset and destroy functions would destroy the server-side data, but that it still persisted for the given page view until a new page was requested, hence I think why I added the redirect to reload. But it is entirely possible that action is entirely unnecessary.
In conclusion, I'm of the opinion that I think what you have is fine, but just keep an eye out for strange behaviors (extra clicks needed, token errors, etc.) so that if it does become a problem, I have a feeling it is somewhat related to some of these session activities.