data changes only after reload

Question

I have strange problem. I created a site with login/register/profile functions, but the problem is when i go to my profile for example it says

Hello, John Doe.

Then i logout and login with different account(for example lets say the name is Mark Smith), and then when i go to profile.php it still says

Hello, John Doe untill i reload the page (F5) than it changes to

Hello, Mark Smith.

What is the problem, in my logout file i destroy every session.. Code:

<!DOCTYPE html>
<html>
<head>
    <title>MyProject: Profile Page</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>

    <style>

    /* css here so i don't have to create specific file only for bg. */

    body 
    {
        background: url(images/index-body.jpg) no-repeat center center fixed;
        position: absolute;
        top: 0;
        left: 0;
        min-height: 100%;
        min-width: 100%;
        background-size: cover;
    }

    </style>
</head>
<body>

<nav class="navbar navbar-inverse navbar-fixed-top">

    <div class="container-fluid">

        <div class="navbar-header">

            <a class="navbar-brand" href="welcome.php">MyProject: Welcome</a>

        </div>

        <ul class="nav navbar-nav navbar-right">

            <li><a href="welcome.php"><span class="glyphicon glyphicon-home"></span> Home</a></li>
        <li><a href="profile.php"><span class="glyphicon glyphicon-user"></span> My Account</a></li>
        <li><a href="logout.php"><span class="glyphicon glyphicon-log-out"></span> Logout</a></li>

    </ul>

    <form class="navbar-form navbar-right" action="search.php">

        <div class="form-group">

            <input type="text" class="form-control" placeholder="Search by keyword" name="search_prototype">

        </div>

    </form>

  </div>

</nav>

<br><br><br><br><br>

<div class="container">

    <div class="jumbotron">

    <?php
    session_start();
    ob_start();

    require 'db.php';

    if(!isset($_SESSION['logged_in']))
    {
      header("location: index.php");
      exit();
    }

    if($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if(isset($_POST['update_submit']))
        {
            if(!empty($_POST['update_name']) && !empty($_POST['update_lastname']) && !empty($_POST['update_email']) && !empty($_POST['update_aboutme']))
            {
                $first_name = $mysqli->escape_string($_POST['update_name']);
                $last_name = $mysqli->escape_string($_POST['update_lastname']);
                $old_mail = $mysqli->escape_string($_SESSION['email']);
                $email = $mysqli->escape_string($_POST['update_email']);
                $about_me = $mysqli->escape_string($_POST['update_aboutme']);

                $mysqli->query("UPDATE users SET name='$first_name', lastname='$last_name', email='$email', aboutme='$about_me' WHERE email ='$old_mail'");

                $_SESSION['suc_message'] = "Your account has been updated!";

                header("location: profile.php");
                exit();
            }
            else
            {
                $_SESSION['error_message'] = "You can't leave anything blank!";

                header("location: profile.php");
                exit();
            }
        }
    }

    $email = $mysqli->escape_string($_SESSION['email']);

    $result = $mysqli->query("SELECT * FROM users WHERE email='$email'");

    if($result->num_rows > 0)
    {

    $row = $result->fetch_assoc();



      echo '

      <div class="media-left">

          <img src="images/avatar_Test.png" class="media-object" style="width:110px">

      </div>

      <div class="media-body">

          <h2 class="media-heading">', $row['name'], ' ', $row['lastname'], '</h3>
          <small>Last active: ', $row['lastlogin'], '</small><br>
          <small>Register date: ', $row['register_date'], '</small>

     </div>

      <br><button data-toggle="collapse" class="btn btn-info" data-target="#profile_about">About me</button> 
      <button data-toggle="collapse" class="btn btn-info" data-target="#profile_contact">Contact</button> 

      <div id="profile_about" class="collapse"><br>', $row['aboutme'], '</div>

      <div id="profile_contact" class="collapse">

          <small><br>Email address: ', $row['email'], '</small><br>  

      </div>

      <br><br>

      <div class="alert alert-success">

        <span class="glyphicon glyphicon-edit"></span>  You can edit your profile data by changing the informations below

      </div>

      ';

      if(isset($_SESSION['error_message']) AND !empty($_SESSION['error_message']))
      {

          echo '

          <div class="alert alert-warning alert-dismissible" id="myAlert">

              <a href="#" class="close">&times;</a>
              <strong>Error!</strong> ' . $_SESSION["error_message"] . '

          </div>

          ';

          unset($_SESSION['error_message']);
      }

      if (isset($_SESSION['suc_message']) AND !empty($_SESSION['suc_message']))
      {

          echo '

          <div class="alert alert-warning alert-dismissible" id="myAlert">

              <a href="#" class="close">&times;</a>
              <strong>Success!</strong> ' . $_SESSION["suc_message"] . '

          </div>

          ';

          unset($_SESSION['suc_message']);
      }

      echo '

      <form method="POST">

        <input type="text" id="ex2" class="form-control" value="', $row['name'], '" aria-describedby="sizing-addon1" name="update_name"><br>
        <input type="text" id="ex2" class="form-control" value="', $row['lastname'], '" aria-describedby="sizing-addon1" name="update_lastname"><br>
        <input type="email" id="ex2" class="form-control" value="', $row['email'], '" aria-describedby="sizing-addon1" name="update_email"><br>
        <textarea class="form-control" rows="5" name="update_aboutme" id="comment" placeholder="', $row['aboutme'], '"></textarea>

        <br><br><input type="submit" name="update_submit" class="btn btn-info" value="Save"> <button data-toggle="collapse" class="btn btn-info" data-target="#profile_change_password">Change password</button> 

      </form>

      <div id="profile_change_password" class="collapse">

        <form method="POST">

          <input type="password" id="ex2" class="form-control" aria-describedby="sizing-addon1" name="update_name"><br>
          <input type="password" id="ex2" class="form-control" aria-describedby="sizing-addon1" name="update_lastname"><br>

          <br><br><input type="submit" name="update_submit" class="btn btn-info" value="Save">

        </form>          

      </div>


      ';
    }
?>

</div>

    <p>Website created by Cadilab.</p> 

</div>

<script>
$(document).ready(function()
{
    $(".close").click(function()
    {
        $("#myAlert").alert("close");
    });
});

</script>

Answer 1

I would use a different method to login and logout. First though Session and Cookies 2 different ways.

//first our session we need to check if its started and if not then start it
if(session_id()=="") session_start();

//under a login page
echo "<form action=\"login.php\" method=\"post\">";
echo "<input type=\"text\" name=\"email\" />";
echo "<input type=\"password\" name=\"password\" />";
echo "<input type=\"submit\" id=\"login_sm\" name=\"submit\" value=\"".ucwords('login')."\" />";
echo "</form>";

//under login.php or w/e you decide to use
if(empty($_SERVER['HTTP_REFERER'])) $_SERVER['HTTP_REFERER']="home.php"; // this allows us to check once logged in send back to home or user pager or w/e
foreach($_POST as $key=>$value) $_POST[$key]=htmlentities($value,ENT_QUOTES);
if(isset($_POST['email']) && isset($_POST['password'])) 
{
    $email = $_POST['email'];
    $password = md5($_POST['password']); // try to learn other than md5
    $sql="SELECT * FROM database WHERE email=\"".$email."\" AND md5(password)=\"".$password."\""; //yes md5 is not a good method so choose your encryption here
    $query=mysql_query($sql);
    if(mysql_num_rows($query)==0) {
        header("Location: ".$_SERVER["HTTP_REFERER"]."?login=Failed");
        }
    else {
        $row = mysql_fetch_array($query);
        $_SESSION['user_id-'.$_SERVER['SERVER_NAME']]=mysql_result($query,0); //this would have a unique identifier For Example The User ID would identify them as each user.
        setcookie("email-".str_replace(".","_",$_SERVER['SERVER_NAME']),$email,time()+60*60*24*365,"/",$_SERVER['SERVER_NAME'],0);
        setcookie("password-".str_replace(".","_",$_SERVER['SERVER_NAME']),$password,time()+60*60*24*365,"/",$_SERVER['SERVER_NAME'],0); // I use cookies in this case so if the browser is closed you can check for cookies and they will be logged in auto if you wish this is not needed.
       header("Location: ".$_SERVER["HTTP_REFERER"]."?login=Success");
       }

//logout
if(empty($_SERVER['HTTP_REFERER'])) $_SERVER['HTTP_REFERER']="index.php";
    unset($_SESSION['user_id-'.$_SERVER['SERVER_NAME']]);
    setcookie("email-".str_replace(".","_",$_SERVER['SERVER_NAME']),"dummytext",time()-60*60*24*365,"/",$_SERVER['SERVER_NAME'],0);
    setcookie("password-".str_replace(".","_",$_SERVER['SERVER_NAME']),"dummytext",time()-60*60*24*365,"/",$_SERVER['SERVER_NAME'],0);
//again you dont have to use cookies but i do.
    header("Location: ".$_SERVER["HTTP_REFERER"]."?logout=Success");

using header(); Helps with the session change to the correct login because its a refresh basicly.