Description:
------------
The problem:

- Theoretically

Login Page: Checks if one of the cookies variables is set and if so, proceed with the login. Otherwise shows the login form. On submit calls the dologin() function.

Login: Access db, register session variables and cookies (if checkbox is checked) -> Redirects to temp.php -> Since the user is logged in, shows the option for logout.

Logout: Unsets session variables as well as cookies -> Redirects to temp.php?actID=0 - logout() -> Since the session was destroyed the user is now sent to the login page but this time with a notice that he was sucessfully logged out.

- Practically

Login: Everything smooth

Logout: The unset part goes without any problem and after the redirection the user is sent again to the login page. At this point I can't understand how but the $this->dologin() function is called. The final output will be exactly the same as if the user is logging in for the first time without any notice of the sucessful logout as supposed.

--

Strange facts:

- I checked if the cookie was set and the answer is NO so how could the dologin function be called???
- Tried to remove the mysql functions from the dologin() and it worked fine.
- Tried to comment the "$this->dologin($_COOKIE['sl_reporterid'], $_COOKIE['sl_password'], NULL, 1);" line and guess what, it worked as supposed!???
- If the script dont store any cookies (checkbox !checked) it works ok.

I did a great effort to understand what was going and since I could't live without knowing the cause I reported what I think it's some "kind" of bug.

Script source: http://projects.spiderfish.net/spylog/temp.txt
Working example #1: http://projects.spiderfish.net/spylog/temp.php - with the problem
Working example #2: http://projects.spiderfish.net/spylog/temp2.php - without the problem (commented the line that calls the dologin function as refered above)
PHP Info: http://projects.spiderfish.net/spylog/phpinfo.php

Best Regards

Jo?o