Hey,
I am writing my own login/logout script, with my own simple database stored login script.

Now I have come across an occurence in my script, where by the user may have the session ID cookie, but the session in the database has already expired. Now it doesn't seem to be causing much of a problem, due to my checks, but I can't get it to delete the session ID cookie.

The code checks if the cookie is present - if so it checks for a matching record in the database (checks expiry dates, IPs, etc). If all is good, it logs them in, but if there is no matching record, it is supposed to delete the cookie, and any expired sessions for this user. Now the section of code IS going through as it should, (tested it with an echo), but the cookie won't delete or update at that point. However, if I login again, the cookie is updated with the new session ID.

Here is my code:
------------------------------------------

//If the session ID cookie exists, check that the session ID is an active session.
if(isset($_COOKIE['SESSID']))
{
 //Get the users IP address and session ID.
 $user_ip = cleantxtinput($_SERVER['REMOTE_ADDR']);
 $sess_id = cleantxtinput($_COOKIE['SESSID']);
 $chk_sess = runquery("SELECT member_values FROM fti_art_sessions WHERE session_id = '$sess_id' AND user_ip = '$user_ip' AND startdate > DATE_SUB(NOW(),INTERVAL '24' HOUR) AND lastactive > DATE_SUB(NOW(),INTERVAL '30' MINUTE)");
 
 //If a session is found, read the users data back, update the activity, and set the "logged in" variable to true.
 if (mysql_num_rows($chk_sess) == 1)
 {
  while($row = mysql_fetch_array($chk_sess, MYSQL_ASSOC))
{
 $userdata = explode("¦",$row['member_values']);
}
//Get the various options out of the user data.
$usersess_mid = $userdata[0];
$usersess_name = $userdata[1];
$usersess_level = $userdata[2];
$usersess_filter = $userdata[3];
$usersess_tzdiff = $userdata[4];
$usersess_tzdst = $userdata[5];
//Set the login check variable to true, to by-pass the remember me checker.
$chk_loggedin = true;
//Update the activity time for the session.
runquery("UPDATE fti_art_sessions SET lastactive = NOW() WHERE session_id = '$sess_id' AND user_ip = '$user_ip' AND startdate > DATE_SUB(NOW(),INTERVAL '24' HOUR) AND lastactive > DATE_SUB(NOW(),INTERVAL '30' MINUTE)");
 //If no session is found, delete the cookie and any sessions for this user, and set the "logged in" variable to false.
 } else {
  //Delete the session ID cookie.
  setcookie("SESSID", '', time()-86400);
echo "DEL COOKIE";
//Delete any expired sessions in the database for this user.
runquery("DELETE FROM fti_art_sessions WHERE user_ip = '$user_ip' AND startdate < DATE_SUB(NOW(),INTERVAL '24' HOUR) OR lastactive < DATE_SUB(NOW(),INTERVAL '30' MINUTE)");
//Set the login check variable to false, so it can check for "remember me" next.
$chk_loggedin = false;
 }
}

------------------------------------------
I did some googling, and checked these forums quickly, but all I found out was that "deleting cookies is really easy - you just set the expiry in the past". Nothing new. :/

Closest I got to an answer was that sometimes system times can effect it, so you set the expiry time to a specific date in the past (Jan 1997 was the example given). I tried it but it didn't help.

I am running this script off of a basic server setup on my HDD, if it makes any difference (using NetServer for simplicity).

I've never come across this before, so any help is greatly appreciated. :)