When I logout by destroying the session and start another one it always shows me the first session info I started $_SESSION[‘username’];
What I mean here is that : I started a session the first time I logged with this username –> AAAAAA And destroyed the session using the file logout.php which contains this code :
session_start();
session_destroy();
header("location: login.php");
and login with another username —> BBBBBB and it always shows me the first username I logged in with—> AAAAAA
Where is the problem here
Here is the code (login.php)
<?php
session_start();
require_once "config/db.php";
if(isset($_POST['login'])){
$username = trim(mysql_real_escape_string($_POST['username']));
$password = trim(mysql_real_escape_string(md5($_POST['password'])));
$query = mysql_query("SELECT * FROM `users` WHERE username='$username' AND password='$password' ") or die(mysql_error());
$rows = mysql_num_rows($query);
if($rows == 1){
while($info = mysql_fetch_object($query)){
$dbusername = $info->username;
$dbpassword = $info->password;
}
if($dbusername == $username && $dbpassword == $password){
header("Location: index.php");
$_SESSION['username'] = $username;
}
}else{
}
}
?>
the index.php :
<?php session_start();?> <h3><?php echo $_SESSION['username']; ?></h3>
Advertisement
Answer
From docs:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
session_unset(); session_destroy(); session_write_close(); setcookie(session_name(),'',0,'/'); session_regenerate_id(true);