cookies won't delete

Question

Here is my login cookies being set

setcookie('username[0]',$username,time()+(60*60*24*365));
setcookie('username[1]',$userid,time()+(60*60*24*365));
setcookie('username[2]',$subscribed,time()+(60*60*24*365));         
setcookie('password',md5($password),time()+(60*60*24*365));
setcookie('admin',$admin,time()+(60*60*24*365));

Here is my logout function

function logout($return) {

         setcookie('username[0]', '', time()-(60*60*24*365));
    setcookie('username[1]', '', time()-(60*60*24*365));
    setcookie('username[2]', '', time()-(60*60*24*365));
    setcookie('password', '', time()-(60*60*24*365));
    setcookie('admin', '', time()-(60*60*24*365));


      header( 'Location: ' . $return );

    echo "<div class='fontall'><span class='fontdif'>You've been logged out.  </span><a href='$return'>Click Here</a><span class='fontdif' to return</span></div>";

        }

When i try to log out and return to the page i am still logged in? What did i do wrong?

Answer 1

If you got the 'cannot modify headers' error, it means you echo out something before setcookie . setcookie must do before any content echo out.

Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including and tags as well as any whitespace.

Answer 2

    // 1. Find the session
    session_start();

    // 2. Unset all the session variables
    $_SESSION = array();

    // 3. Destroy the session cookie
    if(isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time()-42000, '/');
    }

    // 4. Destroy the session
    session_destroy();

That should work. Probably..u didn't destroy the session?

Answer 3

Nothing seems to be wrong with the code - they should be deleting the cookies. Are you sure that the cookies are not deleting? After you logout, try checking if the cookies exist. You may do so using the browser that show the active cookies. Or alternatively you may try reading the cookies using PHP.

Second, how are you checking if the session is still valid? Can you please share that piece of code? And where do you check your session - do you do them on all pages?