Hi i made a code that connects with facebook and register the user, then it makes the user login , everything works very nice.. When they login i set

$_SESSION['id']

My guess was, if this was unset the user will be logout from my site, and it wont be "autoreconnected"..

Because previously it was like a loop, everytime i logout, it login again using the facebook connect even if the user havent clic again "login with facebook"...

EDIT: I change a condition and know is not "looping" i CAN logout of the site..

But the Session , is not unset!, why, just the cookies are set to '' but ,=( session is not unset

Here is my code

the head

<?php
//
// uses the PHP SDK. Download from https://github.com/facebook/php-sdk
include("facebook-php-sdk-master/src/facebook.php");

//
// from the facebook app page
define('YOUR_APP_ID', '');
define('YOUR_APP_SECRET', '');

//
// new facebook object to interact with facebook
$facebook = new Facebook(array(
 'appId' => YOUR_APP_ID,
 'secret' => YOUR_APP_SECRET,
));
//
// if user is logged in on facebook and already gave permissions
// to your app, get his data:
$userId = $facebook->getUser();

?>

The body

<?php
echo $_SESSION['id'];

if ($userId) {
 //
 // already logged? show some data
 $userInfo = $facebook->api('/' + $userId);





 if (isset($userInfo['email']) || isset($_SESSION['id']))

{ include "facebookregister.php"; } else { echo "no hay permisos de facebook"; }

} else {
 //
 // use javaascript api to open dialogue and perform
 // the facebook connect process by inserting the fb:login-button
 ?>
 <div id="fb-root"></div>
 <fb:login-button scope='email,user_birthday'></fb:login-button>
 <?php
}
?>
 <script>
 window.fbAsyncInit = function() {
 FB.init({
 appId : <?=YOUR_APP_ID?>,
 status : true,
 cookie : true,
 xfbml : true,
 oauth : true,
 });


FB.Event.subscribe('auth.login', function(response) {
 // ------------------------------------------------------
 // This is the callback if everything is ok
 window.location.reload();
 });
 };

(function(d){
 var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
 js = d.createElement('script'); js.id = id; js.async = true;
 js.src = "//connect.facebook.net/en_US/all.js";
 d.getElementsByTagName('head')[0].appendChild(js);
 }(document));
</script>

facebookregister.php

<?PHP 
echo "<p>YOU ARE: <strong>". $userInfo['name'] ."</strong><br/>";
echo "Your birth date is: ".$userInfo['birthday']."</p>";
echo "Your mail is: ".$userInfo['email']."</p>";

echo "Your mail is: ".$userInfo['username']."</p>";



//$name = $userInfo['name'];
$first_name = $userInfo['first_name'];
$last_name = $userInfo['last_name'];
$birthday = $userInfo['birthday'];
$username_fb = $userInfo['username'];
$email = $userInfo['email'];
$gender = $userInfo['gender'];
$status = 1;

function generateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!';
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, strlen($characters) - 1)];
    }
    return $randomString;
}


    $db= DAL::get_instance();           



    //select all rows from our users table where the emails match
                                    $count=$db->read_single_column("select count(id) from ".TABLE_PREFIX."users where email=? and status=1", array($email));
 echo "Aqui".$count;
                                    //if the number of matchs is 1
                                    if($count == 1){
                                        //the email address supplied is taken so just login user 


                                    $res=$db->execute_query("select * from ".TABLE_PREFIX."users where email=?",array($email));
                    $v=$res->fetch_assoc();
                    $username=$v['username'];
                    $password=$v['password'];



            $this->set_variable('username',$username);
                    $this->set_variable('password',$password);


                    $query="select id from ".TABLE_PREFIX."users where username=? and password=?";
                    $res=$db->execute_query($query,array($username,$password));

                    $value2=$res->fetch_assoc();
                    $id=$value2['id'];
                    $orig_password=$db->read_single_column("select password from ".TABLE_PREFIX."users where username=? and status=1", array($username));




                    if($password == $orig_password)
                    {
                        $t=time();
                        $sql="update ".TABLE_PREFIX."users set last_login_time=? where id=?";
                        $res=$db->execute_query($sql,array($t,$id));




                        $srv_nms=BASE;
                        $srv_nms=str_replace("http://","",$srv_nms);
                        $srv_nms=str_replace("https://","",$srv_nms);
                        $srv_nms=str_replace("www.","",$srv_nms);


                        $srv_pats=$srv_nms;

                        $srv_nms_arr=explode("/",$srv_nms);
                        $srv_nms=$srv_nms_arr[0];


                        $srv_pats=str_replace($srv_nms."/","",$srv_pats);


                        setcookie(COOKIE_LOGINID,$id,0,"/".$srv_pats,$srv_nms);
                        setcookie(COOKIE_USERNAME,$username,0,"/".$srv_pats,$srv_nms);
                        setcookie(COOKIE_PASSWORD,$orig_password,0,"/".$srv_pats,$srv_nms);
                            $_SESSION['user'] = $email;
                        $_SESSION['id'] = $id;          

        if(LoginHelper::validate_user_login()==0)
        {
            header("Location:index.php");
            exit;
        }


        }


                                    }else{

    //finally, otherwise register there account

                                        //time of register (unix)
                                        $registerTime = date('U');

                                        //make a code for our activation key
                                        $code = md5($username).$registerTime;

                                            $password = $randomString;

                                        $password  = md5($password);

                                        //insert the row into the database
                                         $res=$db->execute_query("INSERT INTO ".TABLE_PREFIX."users (`username`, `password`, `email`, `reg_time`, `status`, `fname`, `lname`) VALUES('".$username_fb."','".$password."','".$email."','".$registerTime."','".$status."','".$first_name."' ,'".$last_name."'  )");

                                        $row=$db->execute_query("SELECT username, password FROM ".TABLE_PREFIX."users WHERE email=".$email."");
                $row_data=$row->fetch_assoc();

                $username=$row_data['username'];
                $password=$row_data['password'];


            $this->set_variable('username',$username);
                    $this->set_variable('password',$password);


                    $query="select id from ".TABLE_PREFIX."users where username=? and password=?";
                    $res=$db->execute_query($query,array($username,$password));

                    $value2=$res->fetch_assoc();
                    $id=$value2['id'];
                    $orig_password=$db->read_single_column("select password from ".TABLE_PREFIX."users where username=? and status=1", array($username));


                    if(md5($password)== $orig_password)
                    {
                        $t=time();
                        $sql="update ".TABLE_PREFIX."users set last_login_time=? where id=?";
                        $res=$db->execute_query($sql,array($t,$id));




                        $srv_nms=BASE;
                        $srv_nms=str_replace("http://","",$srv_nms);
                        $srv_nms=str_replace("https://","",$srv_nms);
                        $srv_nms=str_replace("www.","",$srv_nms);


                        $srv_pats=$srv_nms;

                        $srv_nms_arr=explode("/",$srv_nms);
                        $srv_nms=$srv_nms_arr[0];


                        $srv_pats=str_replace($srv_nms."/","",$srv_pats);


                        setcookie(COOKIE_LOGINID,$id,0,"/".$srv_pats,$srv_nms);
                        setcookie(COOKIE_USERNAME,$username,0,"/".$srv_pats,$srv_nms);
                        setcookie(COOKIE_PASSWORD,$orig_password,0,"/".$srv_pats,$srv_nms);

                        $_SESSION['user'] = $email;
                        $_SESSION['id'] = $id;              



            //header("Location:".$this->make_url('user/home'));
            //exit;

                }                       


                                        //send the email with an email containing the activation link to the supplied email address
                                        mail($email, $username.' registration confirmation', "Thank you for registering to us ".$username.",\n\nHere is your activation link. If the link doesn't work copy and paste it into your browser address bar.\n\nhttp://www.yourwebsitehere.co.uk/activate.php?code=".$code, 'From: noreply@youwebsitehere.co.uk');

                                        //display the success message
                                        echo "<center>You have successfully registered, please visit you inbox to activate your account!</center>";


            header("Location: index.php");
            exit;
                                    }







        ?>

THE MOST IMPORTANT. LOGOUT ACTION

function logout_action()
    {
        $srv_nms=BASE;
        $srv_nms=str_replace("http://","",$srv_nms);
        $srv_nms=str_replace("https://","",$srv_nms);
        $srv_nms=str_replace("www.","",$srv_nms);


        $srv_pats=$srv_nms;

        $srv_nms_arr=explode("/",$srv_nms);
        $srv_nms=$srv_nms_arr[0];


        $srv_pats=str_replace($srv_nms."/","",$srv_pats);


        setcookie(COOKIE_LOGINID,"",0,"/".$srv_pats,$srv_nms);
        setcookie(COOKIE_USERNAME,"",0,"/".$srv_pats,$srv_nms);
        setcookie(COOKIE_PASSWORD,"",0,"/".$srv_pats,$srv_nms);

        unset($_SESSION['user']);
unset($_SESSION['id']);
unset($_SESSION['fb_540341239342331_code']);
unset($_SESSION['fb_540341239342331_access_token']);
unset($_SESSION['fb_540341239342331_user_id']);


        header("Location: ".$this->make_url("user/login/l"));
        die;
    }

Session unset & destroy, tested but not working.. why?? Code

function logout_action()

{
    $srv_nms=BASE;
    $srv_nms=str_replace("http://","",$srv_nms);
    $srv_nms=str_replace("https://","",$srv_nms);
    $srv_nms=str_replace("www.","",$srv_nms);


    $srv_pats=$srv_nms;

    $srv_nms_arr=explode("/",$srv_nms);
    $srv_nms=$srv_nms_arr[0];


    $srv_pats=str_replace($srv_nms."/","",$srv_pats);


    setcookie(COOKIE_LOGINID,"",0,"/".$srv_pats,$srv_nms);
    setcookie(COOKIE_USERNAME,"",0,"/".$srv_pats,$srv_nms);
    setcookie(COOKIE_PASSWORD,"",0,"/".$srv_pats,$srv_nms);

    session_unset();


    header("Location: ".$this->make_url("user/login/l"));
    die;
}

It's not recommended to unset session variables this way. Use session_unset(), see http://php.net/manual/en/function.session-unset.php

Over that, you don't want that the session still exists on the users computer, for this use session_destroy().

session_unset() just clears out the session for usage.

In your logout script add these lines after setcookie(COOKIE_PASSWORD,"",0,"/".$srv_pats,$srv_nms);

include("facebook-php-sdk-master/src/facebook.php");

//
// from the facebook app page
define('YOUR_APP_ID', '_');
define('YOUR_APP_SECRET', '_');

//
// new facebook object to interact with facebook
$facebook = new Facebook(array(
 'appId' => YOUR_APP_ID,
 'secret' => YOUR_APP_SECRET,
));
$logout = $facebook->getLogoutUrl(array("next"=>'your url after user logs out'));
$facebook->destroySession();
//destroy your sessions created by your site also using session_destroy();

/* don't forget to remove header("Location: ".$this->make_url("user/login/l")); */
header("Location:$logout");