session - Days stuck with a 'simple' login / logout PHP script -

i have pretty simple login/logout script little private 'niche' site doesn't require lot of security.

session_start();  // array users , passwords $lgns = array( 'firstuser' => '5d0a158df212de401a9509a88a8d9f96b060f6c5', 'seconduser' => 'f8a913721596fffbf18a4777e6f163316154e6e5', 'thirduser' => 'f8a913721596fffbf18a4777e6f163316154e6e5', );  $user = isset($_post['username']) ? $_post['username'] : ''; $passu = isset($_post['password']) ? $_post['password'] : ''; $pass = sha1($passu);  // check if credentials valid // if not... if( !isset($lgns[$user]) or $lgns[$user] != $pass ) {     // check if session valid     // if not...     if ( !(isset($_session['user']) && $_session['user'] != '') )     {         echo "wrong creds, no session; redirecting...";     }     else    {         // if credentials not valid there session         echo "wrong creds, there session, stay.";    }  } // if credentials valid, set session. else {    echo "correct credentials";     $sessionuser = $_post['username'];     $_session["user"] = $sessionuser; } 

this logout script in separate php file:

session_start();  unset( $_session["user"] ); session_destroy();  header("location: ../index.php"); 

problem is: no matter try, keep getting "wrong creds, there session, stay." message. don't know if i'm not checking session or if i'm not closing de session correctly.

i've been searching , struggling days , i'm starting feel stupid. i've made work before! had ask. in advance.

just have following code given below, hope you!!

<html>     <head>     </head>         <title>quiz</title>             <body>                 <center>log in page</center>                 <form action="" method='post'>                 email id : -<input name="email" type="text"><br/><br/>                 password : -&nbsp; <input name="password" type="text"><br/>                 <input type='submit' value="log in" name="login">                 </form> <?php     $con = mysqli_connect("localhost","root","","database_name");     if(isset($_post['login'])){     $login=mysqli_real_escape_string($con,$_post['email']);     $pass=mysqli_real_escape_string($con,$_post['password']);     $conv_md_pass=md5($pass);     echo "$conv_md_pass";     $select_user="select * mst_user email='".$login."' , pass='".$conv_md_pass."'";     $run_user=mysqli_query($con,$select_user);     $check_user=mysqli_num_rows($run_user);     echo "/$check_user";     if($check_user>0)     {         echo "successfully logged in";        }     else     {         echo "wrong username , password";     }  }  ?> </body> </html> 

signout

<?php session_start(); session_destroy(); header("location: login.php"); ?>