For logging out a user from my website, I am redirecting the page to logout.php where I am using session_destroy() function. Even there also, logout functionality is not working without session_start() function. By adding session_start() function before session_destroy() function, I am able to logout the user successfully.

Why do I need to use session_start() function everytime and in every page where I am doing something related to sessions?

session_destroy() destroys the active session. If you do not initialized the session, there will be nothing to be destroyed.

Why do I need to use session_start() function everytime and in every page where I am doing something related to sessions?

So PHP knows which session to destroy. session_start() looks whether a session cookie or ID is present. Only with that information can you destroy it.

In the default configuration, PHP Sessions operate off of the hard disk. PHP asks you to explicitly tell it when you need this support to avoid unnecessary disk IO.

session_start() also tells PHP to find out if the user's session exists.

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

as per http://php.net/manual/en/function.session-start.php

Essentially by calling session_start(), PHP reads the header and cross references that session ID to what is on your system(file system/database/etc), which can then populate the $_SESSION that is relavent to that specific user. Which in turn allows you to call session_destroy() because it knows what session to actually destroy.

consider session_start() as your way of telling the php engine.... that you want to work with sessions.

and, as i understand it, always make that to be the first line ever in php page.

I was confused with the usage of session_start(); and every time I was using a session variable, I was calling session_start. Precisely, I had session_start(); more than once on each page (without even calling session_destroy()). For example,

// 1st call
session_start();

if (!isset($_SESSION['UserID']))    
{       
    // Do something    
}

else
{
   // Do something else
}

// .... some other code

// 2nd call
session_start();

if (!isset($_SESSION['UserID']))    
{       
    // Do something totally different   
}

else
{
   // Do something else totally different
}

This was creating a performance issue for me. So I ended up calling session_start(); just once at the very top of the page and everything seems to be working fine.

You have to call session_start once (and only once) in every file you want sessions to work in.

A common approach allowing you to only call it once is to have a dispatcher file as your index.php; call session_start in here and have this page include others based on the url's $_GET.

<?php
    session_start();
    if(isset($_GET['page']) && file_exists('pages/'.$_GET['page'].'.php') {
        include $_GET['page'];
    }
?>
//www.mysite.com/index.php?page=fish will display /pages/fish.php with session access