curious 'if' statements

...this is 98% of the entire code on the page

What's the other 2%?

Is this script a 'page' that is accessed directly in the browser? Or is it included as part of another script?

Because if there's no session already, session_destroy() will give you an error, something like "Hey dude there's no session to destroy." :-) Try it.

<?php
error_reporting(E_ALL);
session_start();
session_destroy();
echo "<br>Session destroyed";
session_destroy(); // kicks error "Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in /home/username/public_html/sess-destroy.php on line 6"
?>

Surrounding calls to variables that may or may not exist, or functions that may or may not be initialized, is just good programming. Even on a server with PHP errors quieted (which is most servers today) it helps prevent clogging up error logs with trivial poor programming errors/warnings. It's anything but silly and far underused.

Another aspect of this approach is economy. Consider the following.

if (isset($myvar) and (! empty($myvar) and ($myvar !='')) {
echo "Wow that seems like a lotta programming for a simple task.";
}

The previous is (painfully) simplistic and common. Now look at this.
$myvar = null; // Good practice: initialize your variables.

if ($myvar) {
echo $myvar;
}

What will happen above? Nothing. $myvar is null. But we don't need to check if it's set or empty or even an empty string because we've initialized it as null. If anything is set between initialization and the if construct, then it will be something other than null.

This is the same concept as your initial code - "If I can execute session_destroy it means there's a session to destroy, so do it and redirect." But in three lines and one if condition. :-)

Because if there's no session already, session_destroy() will give you an error...
:
This is the same concept as your initial code - "If I can execute session_destroy it means there's a session to destroy, so do it and redirect."

Not the same concept. Surrounding session_destroy() in an IF still executes session_destroy() if there is no session... and triggers an E_WARNING.

IMHO the only logic that that snippet of code suggests (without seeing the bigger picture) is that it is undesirable to be redirected to login.php (which should incidentally be an absolute path) if the session could not be destroyed. But what happens on failure? As it stands I can't see anything useful with that bit of code, or any real need for the IF(), other than if the user could access that script directly when perhaps the session has not been started? Hence the questions in my post above.

Ha ok guys here it is.

I'm entirely dubious about this whole script now myself, as mentioned it was borrowed from a tutorial (oh the irony).

The entire script for 'logout' was just exactly as pasted above prety much.

So as not to double post, the rest of the script is here [webmasterworld.com...]

but I have since bee trying to solve my referer problems and errors by removing the session destroy and replacing it with unset['appropriate_bit'] so my new script reads

<?php

include ($_SERVER['DOCUMENT_ROOT'] . "/db_connect.php");
// Ther're leaving, update their last online time etc

$member_ID = $_SESSION['member_ID'];

$update = "UPDATE members_log";
$update.= " SET log_lastonline = log_activecheck,";
$update.= " log_isonline = 'n'";
$update.= " WHERE log_mem_ID = '$member_ID'";
mysql_query($update);

// LOG OUT

session_start();

unset($_SESSION['login_user']);

header("Location: http://www.website.com/bye.php");
?>

I was just confused about the curious if usage because the original script I got had literaly 'session start() - if(session destroy) { header = etc. }

... full stop

Honestly folks, program your own, learn how in ten minutes and save five hndred minutes of grief wonderng what you've not understood. ...or, am I still missing something? It's so easy to trust other folks when you don't know how, but lookig up cool code snippets on the net I'm beginning to think is like saying yea it must be true because I saw it on tv :D

penders thanks I've bashed eveything into shape now thanks to your hints and it's all working good, but when I came to adjust the logout script I got confiused by this and had to ask!

...the original script I got had literaly 'session start() - if(session destroy)

It is possible that session_destroy() could fail for other reasons (other than the session not being started), especially if you are using a custom session handler, but I don't think this necessarily applies here. But it is possibly correct to prevent a redirection to login.php if session_destroy() failed (we are not saying this is wrong), since the user may not be logged out and would probably be unable to (re)login so redirecting to login.php unconditionally could result in a perpetuating loop(?) But you would need to do more than simply IF() in order to resolve this.

Just a thought with your current logout script above... do you log (in your DB) the users login state elsewhere in your code? What if the user simply closed their browser window and did not explicitly 'logout'?

...when I came to adjust the logout script I got confiused by this and had to ask!

Absolutely - it's good to question.