Hi
I was testing a local web site and want to delete cookies to test logout but after I deleted cookies / storage and refresh I find my self still logged in. How this is possible ?
Thanks
You would need to post all the code that’s necessary to reproduce the problem in order to get help.
You should determine the logged in state based on a value maintained on the server, not by the existence of a cookie, because someone/hacker/bot can capture a cookie value and submit it to impersonate the actual user. The cookie value (session id, unique token) should only identify who the user is, not their logged in/out state.
Dont have the code. But in incognito mode I am no longer logged in
If you were looking at $_SESSION for your login information, it would still exist after you deleted cookies.