I have a PHP application where I set $_SESSION['user']="logged" once a user is authenticated. I call this loginpage.php.
Once authenticated and the session variable set, the user is taken to a member page which starts with the lines:
<?php
session_set_cookie_params(0,'/');
session_start();
if($_SESSION['user'] != 'logged') {
header ("Location:loginpage.php");
}?>
When a user has logged in, closes the browser and then visits the members page, I expect him to be redirected to loginpage.php.
However, this does not happen. The session cookie is still there in the browser - I tested this using Firefox.
Could someone explain to me where I'm getting it wrong?
