Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

How to delete session immediately - sensitive data

Go to End

3 Posts   672 Views


Community Member, 166 Posts

28 January 2014 at 4:24pm

Edited: 28/01/2014 4:28pm


I'm creating a form that handles sensitive data which isn't to be stored on the server.

How can I ensure that the session files that are created, are deleted immediately after the form submission?

Should I be calling Session::destroy() or Session::clear_all()?

A couple of questions:

  • * Are there any implications I should be aware of?
  • * The user doesn't need to be logged in, but if they were logged in, would that cause them to be logged out if I called Session::destroy() or Session::clear_all()?
  • * Is it possible to just clear the session variables related to the form's sensitive data?

Thanks very much.


Community Member, 473 Posts

28 January 2014 at 6:37pm

Forms only store the data in the session on validation failure. The data is then removed from the session as soon as the form has been displayed back to the user with their previous information. There is no need for you to be clearing the session yourself.


Community Member, 166 Posts

28 January 2014 at 6:54pm

Thanks Simon - that's good to know. Thanks for your reply.