Sessions not being destroyed when attempting to logout
Hello,
The logout page that Security Assist automatically created has got the usual:
<?php
@session_start();
if ("" == ""){
// WA_ClearSession
$clearAll = TRUE;
$clearThese = explode(",","");
if($clearAll){
foreach ($_SESSION as $key => $value){
unset($_SESSION[$key]);
}
}
else{
foreach($clearThese as $value){
unset($_SESSION[$value]);
}
}
}
?>
as its coding. This suddenly did not seem to be working so I added the underneath to the logout page:
<?php
session_destroy();
?>
Sessions do not seem, however, to be being destroyed.
The login page of course has an auto-redirect "Redirect.php" page to which people are sent on a successful log in.
But when someone now logs out; and then clicks a link upon that logout page that takes them to the login page so they can lre-og in, then they are instead treated as if still logged in. Sessions do not seem to have been destroyhed. And not only that, they are auto-redirected to the above "Redirect Page". So they are being treated precisely as if they have done a successful login.
I give the URL details in the private area.