Variables not unsetting.

I want to delete a cookie, if it is set. And unset two session vars so that the user is logged out. But for some reason the vars will not delete and the IF statement seems to think that they are deleted :/

Here is the login script which makes the session vars:

<?php
session_start();
include "../../scripts/connect.php";

$uname= $_POST['username'];
$pword= md5($_POST['password']);
$remMe= $_POST['rememberme'];

if ($uname == "" || $pword == "") {
// No username has been entered
$mess = "Required fields not completed!";
header("Location:../login.php?mess=$mess");
}
elseif (isset($_SESSION['username']) && isset($_SESSION['password'])) {
$mess = "You are already logged in as ".$_SESSION['username']."!";
header("Location:../index.php?mess=$mess");
} else {
//Tests have been passed
mysql_select_db($dbname, $con);
$query="SELECT * FROM users";
$result=mysql_query($query);
if (!$result) {
$mess = "Unable to login! (Technical error)";
header("Location:../login.php?mess=$mess");
}

//Check if username and password matchs
while ($row=mysql_fetch_array($result)) {
$username=$row['username'];
$password=$row['password'];

if ($uname == $username && $pword == $password) {
// Username and password matches, make session variables
$_SESSION['username']=$uname;
$_SESSION['password']=$pword;

//Check is remember password has been set
if ($remMe==1) {
//Create cookies
setcookie("user", "$uname|".md5($pword), time()+0*0*0*7);
}
//Now redirect to main page
$mess = "Login successfull!";
header("Location:../index.php?mess=$mess&");
}
else {
//Invalid login
$mess = "Invalid username or password!";
header("Location:../login.php?mess=$mess");
}
} //END While
}
?>


And here is the logout.php script:

<?php
session_start();
//Vars
$user_var = $_SESSION['username'];
$pass_var = $_SESSION['password'];
$cookie = $_COOKIE['user'];

//unset vars and delete cookie
unset($user_var, $pass_var);
setcookie("user",time()-60);

//Check that loggout is successful
$mess = isset($user_var, $pass_var, $cookie) ? "Unable to logout!" : "Successfully logged out!";
header("Location: ../login.php?mess=$mess");
?>


When I click logout the "Successfully logged out!" message is displayed although the sessions vars still exits :/

In your line:

$mess = isset($user_var, $pass_var, $cookie) ? "Unable to logout!" : "Successfully logged out!";

...if any of $user_var, $pass_var, or $cookie are set, then you ought to be unable to log out, if I've understood you correctly.

Just before this ternary operator, what do these three variables return if you print them?

Correct, the $user_var has the value of the username, and $pass_var has the value of the password (encrypted).

The cookie does not yet work, so it is not set, well it isnt displaying anyway.

Edit: Fixed

Just set the username and password session vars as "" instead :/

------------------------------------------------

Okay, here is the logout code:

<?php
session_start();

//unset vars and delete cookie
session_destroy();
setcookie("user",time()-60);

//Check that loggout is successful
$mess = (isset($_SESSION['username'],$_SESSION['password'],$_COOKIE['user'])) ? "Unable to logout!" :
"Successfully logged out!";
header("Location: ../login.php?mess=$mess"); //Redirect to login page
?>


Now, when I get redirected to the login page the error message of gets displayed:

Unable to logout!


But the session vars are actually not there, well not displaying... so the other mess should display :/

And I would prefer to use unset to get rid of the vars but that will not work..

Trying changing "isset" to "!empty"

I have got that problem working now, but for some reason the cookie is not being created :S

setcookie("user", "$uname|".md5($pword), time()+0*0*0*7);