Logout.php script:

    session_start();
    session_destroy();
    session_start();
    unset($_SESSION['admin_uname']);
    session_regenerate_id();
    $_SESSION['success_msg'] = "<strong>You've been logged out.</strong>";
    header('location: //domain.com/admin/login');
    exit;

Login.php (part):

    if (isset($_SESSION['admin_uname']) && !empty($_SESSION['admin_uname'])) {
        goPage("//domain.com/admin/dashboard"); // goPage is a self-made PHP function that checks whether the value is self, home or a URL and redirects the user to the correct location
        exit;
    }

Core.php // the core is above all the content on every page. The script below checks whether the user is on a protected page, these pages are defined in the $protectedpages array.

    if (isset($_SESSION['admin_uname']) && !empty($_SESSION['admin_uname'])) {
        $admin_uname = $_SESSION['admin_uname'];
    } else {
        $protectedpages = array("contact", "offertes");
        $currentpage = str_replace(".php", "", basename($_SERVER['PHP_SELF']));
        if (in_array($currentpage, $protectedpages)) {
            $_SESSION['error_msg'] = 'Your session either expired or you are not logged in. Please try again.';
            header('location: //domain.com/admin/login');
            exit;
        }
    }

When the user logs out by going to the logout.php page, closes the browser, reopens the browser, and goes back to login.php, the if (isset($_SESSION['admin_uname']) part of the code on the login.php page is executed; the user will pass by core.php and return to the login.php page with the message "Your session either expired or you are not logged in. Please try again." because core.php doesn't detect the user to be logged in, or at least it doesn't detect that $_SESSION['admin_uname'] is set or not empty. Normally you would expect this kind of behavior to trigger an infinite loop, but it doesn't do that.

I hope it all makes sense and I narrowed it down to the code above. There is no other part of the script that can set the $_SESSION['admin_uname'] variable.
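
For comparison with the logout script in the question, a logout sequence that clears the session data, expires the browser's session cookie and deletes the server-side record before starting a fresh session for the flash message, following the pattern shown in the PHP manual for session_destroy(). This is an added example, not part of the original post; the function name `logout_admin` is hypothetical, the redirect target reuses the post's //domain.com placeholder, and the options-array form of setcookie() assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the post): end the admin session completely,
// then redirect to the login page with a one-time message.
function logout_admin(): void
{
    // Attach to the session the browser presented, if not already active.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Drop every session variable for the rest of this request,
    //    including admin_uname, which login.php and core.php test.
    $_SESSION = [];

    // 2. Expire the session cookie in the browser. The cookie is only
    //    replaced if path/domain/secure/httponly match the original,
    //    so reuse the parameters the session cookie was issued with.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        unset($params['lifetime']);           // not a setcookie() option
        $params['expires'] = time() - 42000;  // any time in the past
        setcookie(session_name(), '', $params);
    }

    // 3. Delete the server-side session record for the old ID.
    session_destroy();

    // 4. Start a new session under a new ID, used only to carry the
    //    flash message to the login page.
    session_start();
    session_regenerate_id(true);
    $_SESSION['success_msg'] = "<strong>You've been logged out.</strong>";

    // Flush the new session to storage before redirecting.
    session_write_close();

    header('Location: //domain.com/admin/login');
    exit;
}

// Call logout_admin() from logout.php before any output is sent.
```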