//let's completely terminate the session and bring them to login page
echo ("Logging Out...");
header('Refresh: 1; url=index.php');
When you try to log in with two different accounts, both are being assigned the same session ID. I think this is because the cookie was being deleted server side, but it was still remaining on the clients machine? For some reason
wasn't deleting the cookie from the machine.
I was each user to be assigned a different session_id because I am using that to select the products in their cart.