Sometimes Logout does not disconnect the user. The cookie is not correctly removed.
In particular when changing the security level.
When removing the cookie, the options must be the same as when creating the cookie.
setcookie("uid", "deleted", time() - 3600);
setcookie("username", "deleted", time() - 3600);
/* NEW CODE TO ADD */
/* Make sure the cookie is removed, no matter how it has been created */
$l_cookie_options = array(
'expires' => time() - 3600, // 0 means session cookie
'path' => '/', // '/' means entire domain
//'domain' => '.example.com', // default is current domain
'secure' => FALSE, // true or false
'httponly' => TRUE, // true or false
'samesite' => 'Strict' // None || Lax || Strict
);
setcookie("username", "deleted", $l_cookie_options);
setcookie("uid", "deleted", $l_cookie_options);
//setrawcookie() allows for response splitting
$lUsernameCookie = $lRecord->username;
$l_cookie_options = array(
'expires' => time() - 3600, // 0 means session cookie
'path' => '/', // '/' means entire domain
//'domain' => '.example.com', // default is current domain
'secure' => FALSE, // true or false
'httponly' => FALSE, // true or false
'samesite' => 'Lax' // None || Lax || Strict
);
setrawcookie("username", "deleted", $l_cookie_options);
setrawcookie("uid", "deleted", $l_cookie_options);