It seems that filter_input doesn't support $_SESSION yet, so we'll have to do this more-like the old-fashion way, where an empty variable is first assigned, and then only if the superglobal exists, do you assign it then.

Ahh the memories.

I've also moved the cookie part afterwards, which seems to flow better due to the cookies relying on the lack of a username.

Code javascript:
$username = '';
if (isset($_SESSION['username'])) {
    $username = filter_var($_SESSION['username'], FILTER_SANITIZE_STRING);
if (empty($username)) {
    require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/cookie.php';