-1
if (isset($_GET['logout'])) {
    // session_destroy();
    $account_type =  $_SESSION['account_type'];
    //session_write_close();
    unset($_SESSION['success']);
    unset($account_type);
    header("location: login.php");
}

There are 2 account types: Student and Teacher.

If you make an account as a Student and logout, then register as a Teacher and logout, and then you try to log in to your student account, it'll treat you as a teacher since that's what you last registered as.

This behavior happens vice versa.

Is there a certain session command I should use on logout? Or anything else I could try?

ADyson
  • 57,178
  • 14
  • 51
  • 63
ibi
  • 11
  • 1
    You would need to close the session on logout or after a period of time of inactivity. See similar questions: https://stackoverflow.com/questions/24402047/php-session-destroy-after-closing-browser and https://stackoverflow.com/questions/8311320/how-to-change-the-session-timeout-in-php – Chana Jun 03 '20 at 18:11

1 Answers1

1

Why unset($account_type);? That makes no sense as far as I can see. That just unsets the local variable you created called $account_type, it doesn't affect the session value you copied it from.

If you want it to forget the session value, then write unset($_SESSION["account_type"]);.

But also, surely you would be re-setting that value anyway when the user next logs in, based on their account data in your database? Don't you have some code to set the account type every time someone logs in?

ADyson
  • 57,178
  • 14
  • 51
  • 63