PHP Session Help

[pacchiee]

I have used PHP Session to authenticate users to a panel. Since it is to be used offline in a single machine, after verifying the username and password combination, am storing the username in a session variable.

 

Further, I thought if somehow this session variable is edited, the user should be logged out and used this code.

 

if(isset($_SESSION['username']))
{
mysql_connect('localhost','database_user','database_password') or die(mysql_error());
mysql_select_db('database_name') or die(mysql_error());
$result = mysql_query("SELECT * FROM table WHERE username = '$_SESSION[username]'") or die(mysql_error()); 
$num_rows = mysql_num_rows($result);
mysql_close();
if($num_rows == "0")
{
	session_destroy();
	echo "<meta http-equiv=\"refresh\" content=\"0;url=login.php\">";
	exit;
}
}

 

If the number of rows fetched is zero, the user is taken to login page. But, the session data is not cleared. I want to clear all the session data, please check what is the reason for the session data not to be cleared.

 

To my surprise, I use link 'login.php?out' for logging out and following code for logging out which works and clears all the session data.

 

if(isset($_GET['out']))
{
session_destroy();
echo "<meta http-equiv=\"refresh\" content=\"0;url=login.php\">";
exit;
}

 

I have no idea while the second works why not the first? Please help.

 

Thanks in Advance.

[patrickmvi]

What you have there looks like it should work.  You may want to try putting print_r($_SESSION) after your session_destroy() to see if the session really is getting destroyed.  If it is, then perhaps you have some sort of other mechanism in place that is re-establishing the session without you realizing it, perhaps via cookies or something like that.

[pacchiee]

You mean to say that I should also remove the session cookie?