destroy()

public function destroy(): void

Description

Destroys all Trongate tokens from the current request context: session, cookie, HTTP headers, and database. Also performs cleanup of expired tokens.

This method is typically called during logout or when forcibly invalidating a user's sessions.

Parameters

This method accepts no parameters.

Return Value

Type	Description
void	This method does not return a value.

Example Usage

PHP

// Destroy all tokens (logout)
$this->trongate_tokens->destroy();

// Logout controller method
public function logout() {
    $this->trongate_tokens->destroy();
    set_flashdata('You have been logged out.');
    redirect('welcome');
}

// Force token invalidation (security incident)
public function force_logout_all_sessions(int $user_id) {
    $this->trongate_tokens->delete_old_tokens($user_id);
    $this->trongate_tokens->destroy();
    set_flashdata('All sessions for user #' . $user_id . ' have been invalidated.');
}

Notes

Removes token from $_SESSION['trongatetoken'] (sets to 'x' as fallback before unsetting).
Deletes the trongatetoken cookie by setting expiration to a past date.
Captures token from $_SERVER['HTTP_TRONGATETOKEN'] header if present.
Deletes all captured tokens from the database via $this->model->delete_tokens().
Calls $this->model->delete_old_tokens() to clean up expired tokens.
Use delete_old_tokens() for targeted deletion of expired tokens only.