Hi folks!
A few days ago I started writing a backend system for my website. Of course I had to secure my admin system.
Today I 'finished' the scripting and started testing the backend admin. After logging out I noticed that I wasn't logged out at all!
The logging procedure works like this:
first I check user/pass and after that I put some user data in an array called userdata. Then I start a session...
session_start();
session_cache_limiter("no-cache, must-revalidate");
.. and create a new session variable: $_SESSION["ADMUSER"] = (array)$userdata;
OK... work fine! Then I log out with the following lines:
<?
session_start();
$SESSION["ADMUSER"] = null;
unset($SESSION["ADMUSER"]);
unset($ADMUSER);
// Remove cookie...
unset($_COOKIE[session_name()]);
setcookie(session_name());
session_unset();
session_destroy();
?>
After the logging out procedure I checked the $SESSION and $COOKIE vars... and my user data was not destroyed!
Can anyone please tell me what's going on?
PS... my PHP version is 4.1.2 => Buggy?
Greetz from Holland!
Daniel
