I have same problem on godaddy windows hosting account. my logout script works fine in my local server but it does not work on godaddy. let me know if you host your site in godaddy.

my only thought is the path, maybe try an absolute instead of the relative index

header("Location: /index.php");

or even with the full domain

header("Location: http://www.example.com/index.php");

When you do header redirects, there can be no prior data being outputted to the browser. Do an output of your headers and make sure there is nothing else going on. Even whitespace/blank lines/etc will cause errors.

[php.net...]

I finally figured it out. The reason I was having an issue ended up there was other session variables that I did not unset so the working code I use is

function logoff() {
// kill session variables
unset($_SESSION["user"]);
unset($_SESSION["pass"]);
unset($_SESSION["logged_in"]);
unset($_SESSION["admin"]);
session_destroy(); 
setcookie("user", NULL, time()-3600);
setcookie("pass", NULL, time()-3600); 
// redirect them to anywhere you like.
header("Location: index.php");
}

Is there a way to just unset all session variables? Will I have to update this every time I set a session parameter for the logout to redirect?

Thanks for your help

[php.net...]

ession_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Good point, jatar_k. That page is a must-read.

Is there a way to just unset all session variables?

$_SESSION = array();

Here is another related discussion that will be of interest:
How to check if the session is really destroyed [webmasterworld.com]