With the current logoff.php modification the user is never able to logoff creating a potential security risk.

The programmer forgot to put the value parameter when cleaning the cookies.

These are the lines that need to be changed:
From:
setcookie('email_address', time() - 3600, $cookie_path);
setcookie('password', time() - 3600, $cookie_path);

To:
setcookie('email_address', '', time() - 3600, $cookie_path);
setcookie('password', '', time() - 3600, $cookie_path);

Please note that, obviously, they are two single quotes in each line.

I attach the corrected file only.

More...