On my website, when a person logs in - a session is started and variables set with his/her information taken from the "users" database. This allows them to access their information where they can add, edit or delete certain information.
I registered as a user and entered some test information to make sure everything works, etc.. I left for a while without logging out and when I came back to access my information I found that I had access to someone else's information instead of mine.
The login script is suppose to automatically log you out after a period of inactivity. I don't know what happened here, but I'm hoping that someone could share some light on what possibly may have happened.
Doesn't this destroy the session almost immediately?
setcookie (session_name(), '', time()-300, '/', '', 0); // Destroy the cookie.