Hey Guys,
I wonder why WPforo doesn't destroy/close all sessions after logout?
I have added a screenshot; Before, after login, and after logged-out.
Thanks.
Hi @beyondforce,
WordPress and wpForo don't use session for login and logout. wpForo is based on WordPress cookie authorization. There is no any information on PHP session about login users. Because the PHP session is only used for Error and Action messages in top right corner of your website. This is the only reason why wpForo initiate and use the sessions. It doesn't have any relation to authorization functions so it's not descried when you logout. The logout process is being done by WordPress core functions, which just remove cookie based information. Again, the PHP session is not used for login status.
More info: https://www.securitysift.com/understanding-wordpress-auth-cookies/