Clean up to use session methods and not _SESSION directly

Add session_unset for unsetAll and rename this method to "clear"

4dev/tests/Create/CoreLibsCreateSessionTest.php

@@ -444,7 +444,7 @@ final class CoreLibsCreateSessionTest extends TestCase
 			);
 		}
 		// unset all
-		$session->unsetAll();
+		$session->clear();
 		// check unset
 		foreach (array_keys($test_values) as $name) {
 			$this->assertEquals(

www/admin/class_test.lang.php

@@ -16,6 +16,8 @@ define('USE_DATABASE', false);
 require 'config.php';
 // define log file id
 $LOG_FILE_ID = 'classTest-lang';
+$SET_SESSION_NAME = EDIT_SESSION_NAME;
+$session = new CoreLibs\Create\Session($SET_SESSION_NAME);
 ob_end_flush();
 
 $PAGE_NAME = 'TEST CLASS: LANG';
@@ -70,10 +72,12 @@ print "[OVERRIDE]: " . Support::printAr($get_locale) . "<br>";
 // DEFAULT_DOMAIN
 // DEFAULT_CHARSET (should be set from DEFAULT_LOCALE)
 // LOCALE_PATH
-$_SESSION['DEFAULT_LOCALE'] = 'ja_JP.UTF-8';
-$_SESSION['DEFAULT_CHARSET'] = 'UTF-8';
-$_SESSION['DEFAULT_DOMAIN'] = 'admin';
-$_SESSION['LOCALE_PATH'] = BASE . INCLUDES . LOCALE;
+$session->setMany([
+	'DEFAULT_LOCALE' => 'ja_JP.UTF-8',
+	'DEFAULT_CHARSET' => 'UTF-8',
+	'DEFAULT_DOMAIN' => 'admin',
+	'LOCALE_PATH' => BASE . INCLUDES . LOCALE,
+]);
 $get_locale = Language\GetLocale::setLocaleFromSession(
 	SITE_LOCALE,
 	SITE_DOMAIN,
@@ -86,10 +90,12 @@ print "[SESSION SET]: " . Support::printAr($get_locale) . "<br>";
 // DEFAULT_DOMAIN
 // DEFAULT_CHARSET (should be set from DEFAULT_LOCALE)
 // LOCALE_PATH
-$_SESSION['DEFAULT_LOCALE'] = '00000#####';
-$_SESSION['DEFAULT_CHARSET'] = '';
-$_SESSION['DEFAULT_DOMAIN'] = 'admin';
-$_SESSION['LOCALE_PATH'] = BASE . INCLUDES . LOCALE;
+$session->setMany([
+	'DEFAULT_LOCALE' => '00000#####',
+	'DEFAULT_CHARSET' => '',
+	'DEFAULT_DOMAIN' => 'admin',
+	'LOCALE_PATH' => BASE . INCLUDES . LOCALE,
+]);
 $get_locale = Language\GetLocale::setLocaleFromSession(
 	SITE_LOCALE,
 	SITE_DOMAIN,

www/admin/class_test.php

@@ -205,8 +205,8 @@ print "HOST: " . HOST_NAME . " => DB HOST: " . DB_CONFIG_NAME . " => " . Support
 print "DS is: " . DIRECTORY_SEPARATOR . "<br>";
 print "SERVER HOST: " . $_SERVER['HTTP_HOST'] . "<br>";
 
-print "ECUID: " . $_SESSION['ECUID'] . "<br>";
-print "ECUUID: " . $_SESSION['ECUUID'] . "<br>";
+print "ECUID: " . $session->get('ECUID') . "<br>";
+print "ECUUID: " . $session->get('ECUUID') . "<br>";
 
 print "</body></html>";
 

www/lib/CoreLibs/ACL/Login.php

@@ -2534,13 +2534,12 @@ HTML;
 	{
 		if (
 			$edit_access_id !== null &&
-			isset($_SESSION['UNIT']) &&
-			is_array($_SESSION['UNIT']) &&
-			!array_key_exists($edit_access_id, $_SESSION['UNIT'])
+			is_array($this->session->get('UNIT')) &&
+			!array_key_exists($edit_access_id, $this->session->get('UNIT'))
 		) {
 			$edit_access_id = null;
-			if (is_numeric($_SESSION['UNIT_DEFAULT'])) {
-				$edit_access_id = (int)$_SESSION['UNIT_DEFAULT'];
+			if (is_numeric($this->session->get('UNIT_DEFAULT'))) {
+				$edit_access_id = (int)$this->session->get('UNIT_DEFAULT');
 			}
 		}
 		return $edit_access_id;

www/lib/CoreLibs/Create/Session.php

@@ -294,11 +294,15 @@ class Session
 	 * - unset session_name and session_id internal vars
 	 * - destroy session
 	 *
-	 * @return bool
+	 * @return bool True on successful session destroy
 	 */
 	public function sessionDestroy(): bool
 	{
-		$this->unsetAll();
+		// abort to false if not unsetable
+		if (!session_unset()) {
+			return false;
+		}
+		$this->clear();
 		if (
 			ini_get('session.use_cookies') &&
 			!ini_get('session.use_strict_mode')
@@ -331,9 +335,12 @@ class Session
 	 *
 	 * @return void
 	 */
-	public function unsetAll(): void
+	public function clear(): void
 	{
 		$this->restartSession();
+		if (!session_unset()) {
+			throw new \RuntimeException('[SESSION] Cannot unset session vars', 1);
+		}
 		if (!empty($_SESSION)) {
 			$_SESSION = [];
 		}

www/lib/CoreLibs/Output/Form/Token.php

@@ -2,7 +2,7 @@
 
 /*
  * sets a form token in the _SESSION variable
- * session must be started for this to work
+ * session must be started and running for this to work
  */
 
 declare(strict_types=1);