Actually some of the times we faces such problem like
- If we register an user then move up to login page. After that if i am using the same email / username with wrong password then we see that the user loggin successfully.
- If you loggin a user with his correct email / username and password then generally in case of Mobile Apps we don’t bother about session maintenance. So, by logout we just move the user to the loggin page. But after this if you are logging the same user with worng password even though there may be a chance that he may loggin successfully.
Some of the times session automatically started with the loggin or registration of the user. You have to called the actual logout web service after the registration or with logout function. This generally happens when we use JSON web services in the mobile application.