From b10ae234ac1136e8db5440e36d347585a4837e44 Mon Sep 17 00:00:00 2001 From: laf Date: Thu, 9 Jan 2014 10:41:40 +0000 Subject: [PATCH] Moved the header call to after setcookie, also added an exit statement. --- html/includes/authenticate.inc.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php index 5ca574a9f..543e6416b 100644 --- a/html/includes/authenticate.inc.php +++ b/html/includes/authenticate.inc.php @@ -25,10 +25,11 @@ if ($vars['page'] == "logout" && $_SESSION['authenticated']) dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged Out'), 'authlog'); unset($_SESSION); session_destroy(); - header('Location: /'); setcookie ("username", "", time() - 60*60*24*100, "/"); setcookie ("password", "", time() - 60*60*24*100, "/"); $auth_message = "Logged Out"; + header('Location: /'); + exit; } if (isset($_GET['username']) && isset($_GET['password']))