The problem is that the php code to clear the sessions and to redirect if not logged in comes inside the HTML <body> tag, it should be before the doctype tag for the redirect to work.
<?php require_once( "../webassist/security_assist/helper_php.php" ); ?>
<?php
@session_start();
if ("" == ""){
// WA_ClearSession
$clearAll = TRUE;
$clearThese = explode(",","");
if($clearAll){
foreach ($_SESSION as $key => $value){
unset($_SESSION[$key]);
}
}
else{
foreach($clearThese as $value){
unset($_SESSION[$value]);
}
}
}
?>
<?php
if (WA_Auth_RulePasses("Logged in to users")){
WA_Auth_RestrictAccess("../index.php");
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Logged Out</title>
</head>
<body>
<div id="LogOutContainer" class="WAATK">
<h1>Log Out</h1>
You have successfully logged out. </div>
<p><a href="login.php">Login.</a></p>
</body>
</html>