I use the following codes to log users out from a web app. while logging in I set cookie email and password, but after logging out, visiting the home page automatically logs the user in again, probably because the cookie wasn't successfully destroyed. Please how do I get it right. Here is log out code

function log_out() {
   $old_user = $_SESSION['valid_user'];
   unset($_SESSION['valid_user']);
   unset($_SESSION['login']);
   unset($_SESSION['blog_addr']);
   $result_dest = session_destroy();

   setcookie('email', '');
   setcookie('pswd', '');

   if (!empty($old_user)) 
     if ($result_dest)
       return true;
     else 
       $msg = 'Could not log you out ';
   else 
        $msg = 'You have not been logged in so you are not logged out ';      
   return $msg;
}///:~

Comments

Please do not store people's passwords in their cookies. See stackoverflow.com/questions/1410901/… for better ways of doing the same thing.

Written by Tesserex

from a security perspective, it's a really bad idea to store the password in a cookie. you may want to read over the two strategies here: static.springsource.org/spring-security/site/docs/3.0.x/…. (even though the docs are for a java package the principles are still very applicable!)

Written by stevevls

Accepted Answer

You need to set setcookie to an expiration date in the past. See the example here:

http://php.net/manual/en/function.setcookie.php

Written by onteria_
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki