@righettod
Created February 13, 2021 14:55
POC of usage of the "Clear-Site-Data" HTTP response header.
<?php
//Local command to run example: "php -S localhost:8000"
//Get optional action: login / logout / random
$action = "NA";
if (isset($_GET["a"])) {
    $action = $_GET["a"];
}
switch ($action) {
    //Login action: fill the session and the local storage with dummy data
    case "login":
        //1 day duration persistent cookie
        session_start(["cookie_lifetime" => 86400,]);
        $_SESSION["status"] = bin2hex(random_bytes(5)) . ":::CONNECTED";
        echo("<html><body>[LOGIN]<br>You are connected: <b>" . $_SESSION["status"] . "</b><script>localStorage.setItem('status', '" . $_SESSION["status"] . "');</script></body></html>");
        break;
    //Logout action: leverage the "Clear-Site-Data" header to remove data on client side
    //and display session and client side dummy data to prove the deletion
    case "logout":
        //The session must be resumed before it can be destroyed on server side
        session_start();
        //session_destroy() deletes the stored data but keeps $_SESSION filled for this request
        $_SESSION = [];
        session_destroy();
        //The header is sent before any output, otherwise PHP cannot add it to the response
        header("Clear-Site-Data: \"cache\",\"cookies\",\"storage\"");
        $status = "NA";
        if (isset($_SESSION["status"])) {
            $status = $_SESSION["status"];
        }
        echo("[LOGOUT]<br>Your session status is <b>$status</b><br><script>document.write('Your local storage is <b>' + localStorage['status'] + '</b>.');</script>");
        break;
    //Default "random" action: just display session and client side dummy data
    default:
        //1 day duration persistent cookie
        session_start(["cookie_lifetime" => 86400,]);
        $status = "NA";
        if (isset($_SESSION["status"])) {
            $status = $_SESSION["status"];
        }
        echo("[HOME]<br>Your session status is <b>$status</b><br><script>document.write('Your local storage is <b>' + localStorage['status'] + '</b>.');</script>");
}
?>
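
Added example, not part of the gist: a check that a logout response's "Clear-Site-Data" value is well formed and covers the data types the POC clears. The header grammar requires each directive to be a double-quoted string, so an unquoted value such as cache, cookies is invalid. The function names, the exact-match comparison of type names and the sample values are assumptions made for this example.

```javascript
// Added example (not the gist author's code). Data types defined by the
// W3C Clear Site Data specification; "*" stands for all of them.
const KNOWN_TYPES = ["cache", "cookies", "storage", "executionContexts"];

// Split a Clear-Site-Data value into accepted types and rejected tokens.
// Assumption: type names are compared exactly as written in the spec.
function parseClearSiteData(value) {
  const types = new Set();
  const rejected = [];
  for (const raw of String(value || "").split(",")) {
    const token = raw.trim();
    if (token === "") continue;
    const m = /^"([^"]*)"$/.exec(token);
    if (!m) {
      rejected.push({ token, reason: "not a quoted-string" });
    } else if (m[1] === "*") {
      KNOWN_TYPES.forEach((t) => types.add(t));
    } else if (KNOWN_TYPES.includes(m[1])) {
      types.add(m[1]);
    } else {
      rejected.push({ token, reason: "unknown type" });
    }
  }
  return { types: [...types], rejected };
}

// Return the required types that a logout response would NOT clear.
function missingOnLogout(value, required = ["cache", "cookies", "storage"]) {
  const { types } = parseClearSiteData(value);
  return required.filter((t) => !types.includes(t));
}

// Constructed sample values; the first is the one sent by the gist.
const samples = [
  '"cache","cookies","storage"',
  "cache, cookies, storage",
  '"cookies"',
  '"*"',
];
for (const s of samples) {
  console.log(s, "-> missing:", missingOnLogout(s));
}
```

An empty result from missingOnLogout() means every required type is named in the header; it says nothing about whether the browser in use supports the header.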
@righettod

LOGIN:

image

HOME:

image

LOGOUT - Leverage the header:

image
