<?php
if (!$user->isAuth()) {
redirect('/');
exit;
}
$stmt = $db->prepare("DELETE FROM users_sessions WHERE token = :token");
$stmt->bindParam(':token', $user->getSession()->token, PDO::PARAM_STR);
$stmt->execute();
setcookie('__session', null, -1, '/');
unset($_SESSION['__session']);
redirect('/');
exit;