Logout script not clearing $_session variables

I’m trying to use this php to clear out the session variables and return to the index page. However it’s not clearing them out. Any ideas?


	header("Location: http://aaronhaas.com/pitchshark6/index.php?vid_id=1");

then in my navigation I’m using this code to either display their username and a logout link to logout.php or if they are not logged in display a sign in link.

         // if logged in
	if (isset($_SESSION['user_id']))
		// display
		echo "<a href='#'>".$_SESSION['username']."</a>&nbsp; &nbsp;";
		echo "<a href='scripts/logout.php'>Log Out</a>&nbsp; &nbsp;";
        // if not logged in
	{      // display login link
		echo "<a href='login.php'>Sign In</a>";

here is my super simple login script

$username = $_POST['username'];
$password = $_POST['password'];
//Check if the username or password boxes were not filled in
if(!$username || !$password){
	//if not display an error message
	echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
	// find user by username and password - working
	$userQuery = 'SELECT * FROM users WHERE user_name ='.'"'. $username.'" AND password='.'"'. $password.'"' ;
	$users = mysql_query($userQuery);

	$user = mysql_fetch_array($users);
	$_SESSION['user_id'] = $user['user_id'];
	$_SESSION['username'] = $user['username'];
	header("Location: http://aaronhaas.com/pitchshark6/index.php?vid_id=1");

Are you positive it is actually not clearing those session variables or is it possibly anothe rportion of your script that is failing. Do an echo of the session variables at the end of each script to make sure.


Make sure you have all error reporting on.

I would use:


if (ini_get(“session.use_cookies”)) {
$params = session_get_cookie_params();
setcookie(session_name(), ‘’, time() - 42000,$params[“path”], $params[“domain”],$params[“secure”], $params[“httponly”]);


Put session_destroy(); at the right position after checking the result means checking all variable by echo and die.