I have a problem, I will explain how to reproduce the problem:
1- Login to my page (sesion variables are set as $ _SESSION ['logged'] = true and $ _SESSION ['id'] = 123
2 - then in the main menu I exit, a code like this
function logout()
{
session_start();
$_SESSION['id'] = null;
$_SESSION['logged'] = null;
unset($_SESSION);
session_destroy();
require_once('Views/SessionExpiredView.php');
}
3- In the expired view, I show a link to the login page, there the session is null
4- I click on the browser and click ok to send the information
5 session again becomes $ _SESSION ['logged'] = true and $ _SESSION ['id'] = 123, and I logged off again and can see all the information related to id 123
This is a security issue and I do not know what is going on !!!
Any suggestion will be deeply appreciated.
Alejandra