Logout Script.

Codevil

The code... ['logout.php']

if (isset($_COOKIE['Username'])) {

unset($_COOKIE['Username']);
echo "You have now been logged out!";

} else {
echo "You need to be logged in to logout!";
}

When I go to that webpage, the script checks if a cookie is set, which it is. When I first visit that page, I get a "You have now been logged out!" message, which I should expect. The thing that is getting to me is when I go to the page, for the second time. When I do this, I get the same message, as I did before. Shouldn't I get a "You need to be logged in to logout!" message, because on the first page visit, the cookie was set and that triggered off a section of code to expire the cookie. Could any one please tell me why I keep getting the "else' message, even though the cookie is unset?

bradgrafelman

Unsetting the array index in the $_COOKIE superglobal does nothing to the actual cookie. The cookie itself is a file saved on the user's computer. When the browser makes a request to the server, it also sends the cookie data to the server via HTTP headers.

When PHP is passed these headers, it copies the cookie data into a superglobal called $_COOKIE. This superglobal is a COPY, not a reference or anything like that.

To properly delete a cookie, you need to send new HTTP headers to the browser so that it knows the cookie has been expired. The manual for [man]setcookie/man has an example of how to delete a cookie.