if(!isset($_SESSION['xxx'], $_SESSION['xxx']))
This is checking if the session is not
set, note the !
symbol. So you are echoing Login Successfull
when the session variables are not set.
You should have it like the following:
if(isset($_SESSION['xxx'], $_SESSION['xxx']))
{
echo "Login successfull";
}
else
{
session_destroy();
header("location:main_login.php");
}