PHP unset and desroyed session starts itself

Question

I got a little problem with my php code here... Can you please help me out? The problem is that when i, in my logout.php, unsets and destroys sessions, it works the first time i load some of my other pages.. but when i refresh right after, the session is started again, which i dont really understand? Because i have my page to look for a session with a specific name. Here is my code:

Login.php:

<?php session_start();
//Get username and password
$email = $_POST['email'];
$password = $_POST['password'];

//Sorting special characters away, with exception of "-" and "."
stripslashes($email);
$email = preg_replace('/[^A-Za-z0-9@\.\-]/','', $email);


//Getting the password from the database
$link = mysqli_connect("****", "****", "****", "****");
if (mysqli_connect_errno($connect)) 
{
    echo "Connection Failed!";
    mysqli_close($connect);
}
$sql = "SELECT * FROM admins WHERE email = '". $email . "'";
if ($result = mysqli_query($link, $sql))
{
    while ($row = mysqli_fetch_row($result))
    {
        $db_password = $row[2];
    }
    mysqli_free_result($result);

}
mysqli_close($connect);

//Compare DB-password to entered password
if ($db_password == $password)
{
    $_SESSION['admin'] = $email;
    header("Location: ../index.php");
    exit();
}
header("Location: index.php");
exit();
?>

Logout.php:

if(!isset($_SESSION['admin']))
{
    header("Location: ../index.php");
    exit();
}
else
{
    session_unset();
    session_destroy();
    echo '<h1>You have been succesfully logged out!</h>';
    exit();
}

Index.php:

if (isset($_SESSION['admin']))
{
    echo '<div id="admin"><br>
    <h3>'.$_SESSION["admin"].'</h3>
    <a href="http://www.mysite.com/admin"><span>Admin panel</span></a><br>
    <a href="http://www.mysite.com/admin/logout.php"><span>Log out</span></a>
    </div>';
}

And yes, i got session_start() on top of every one of my pages.

As you can see in the index.php, i want some code to be written if $_SESSION['admin'] is set. And when i destroy the session in my logout.php, and goes to index.php, it works the first time i load the page. But i i refresh, the code reappear, which means the session must have been set again, somehow! But i dont know why? Please help!

EDIT: I have put the whole code of the login.php now. The rest of the other 2 pages, is pure HTML. What i have posted is all my PHP code!

Answer 1

Once you refresh, your following condition staisfies:

if ($db_password == $password)

connection establishes, session is created and you are redirected to index.php from login.php.

Change this condtion and your script works

Answer 2

It might because of the PHPSESSID cookie. just try it by removing PHPSESSID cookie from browser

if(!isset($_SESSION['admin']))
{
    header("Location: ../index.php");
    exit();
}
else
{
    session_unset();
    session_destroy();
    setcookie('phpsessid','value',time()-1);  
    echo '<h1>You have been succesfully logged out!</h>';
    exit();
}