Logout script doesn't work when redirection is set

Question

I have the following log-out script:

setcookie("key", "", time() - 36000);
setcookie("usr_email", "", time() - 36000);
session_destroy();
header("Location: http://www.site.net/");

When I like to that page directly (logout.php) it works great and logs the user out.

But for some reason, when I use:

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^log-out /logout.php

I can see that the redirection works, but the log-out is not being carried out.

EDIT: just checked, after being redirected back to the homepage, the cookies are still available. Just a clarification, if I go directly to the logout php file it works great.

Answer 1

I think the problem is that hyphen in your htaccess file. Try this:

RewriteRule ^log\-out /logout.php

Could you also tell the errors/behaviour that happens?

Edit:
The problem is in your PHP then. First of all, I'd recommend storing login-related data in sessions, not cookies. Cookies can be added and edited by users.

Anyway, the code should successfully clear, if not delete, the cookies. So it may be that you're checking if you're logged in based on if the cookies exist, rather than their content. In this case try if(empty($_COOKIE['key'])), which will check if it's empty or not.

To remove a cookie completely: unset($_COOKIE['key']).

By the way, session_destroy() is not related to cookies at all.

Edit 2:
Try assigning the cookie to your domain and all its subdomains (including www):

setcookie('key', '', time() - 36000, '/', '.mysite.net');

Do the same when adding the cookies.

Answer 2

Try this in htaccess file

Options +FollowSymlinks
RewriteEngine on

RewriteBase /

RewriteRule ^log\-out logout.php

Set RewriteBase to your base url : hope you know this.