When I logout by destroying the session and start another one it always shows me the first session info I started $_SESSION[‘username’];
What I mean here is that : I started a session the first time I logged with this username –> AAAAAA And destroyed the session using the file logout.php which contains this code :
session_start(); session_destroy(); header("location: login.php");
and login with another username —> BBBBBB and it always shows me the first username I logged in with—> AAAAAA
Where is the problem here
Here is the code (login.php)
<?php session_start(); require_once "config/db.php"; if(isset($_POST['login'])){ $username = trim(mysql_real_escape_string($_POST['username'])); $password = trim(mysql_real_escape_string(md5($_POST['password']))); $query = mysql_query("SELECT * FROM `users` WHERE username='$username' AND password='$password' ") or die(mysql_error()); $rows = mysql_num_rows($query); if($rows == 1){ while($info = mysql_fetch_object($query)){ $dbusername = $info->username; $dbpassword = $info->password; } if($dbusername == $username && $dbpassword == $password){ header("Location: index.php"); $_SESSION['username'] = $username; } }else{ } } ?>
the index.php :
<?php session_start();?> <h3><?php echo $_SESSION['username']; ?></h3>
Advertisement
Answer
From docs:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
session_unset(); session_destroy(); session_write_close(); setcookie(session_name(),'',0,'/'); session_regenerate_id(true);