Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Argh! PHP and cookies

Options
  • 26-05-2005 3:53pm
    #1
    seamus
    Registered Users Posts: 68,317 ✭✭✭✭


    Right, I thought I'd done this before with no hassle.

    It's really a noodle scratcher.

    I'm trying to implement a login/logout system using cookies.

    When the user logs in, it authenticates, blah blah, and then sets a few cookies, for example: 
    setcookie("HDuserid", $row['id'], time()*60*60*24, "/", $global_cookie_host, 0);

    The when the user logs out it sets the cookie to an expired time (which in theory should make the browser delete it), thusly; 
    setcookie("HDuserid", "0", time() - 31536000, "/", $global_cookie_host, 0);

    But I'm getting some really strange behaviour.

    Firstly, setting the cookie to log in, doesn't work in IE - the browser doesn't remember the cookies that are set. If I remove the path, host, and secure parameters, it remembers it no problem.
    However, the above works fine in Firefox, it remembers it fine. The only thing that's weird about the setup is that at the moment, $global_cookie_host = "localhost", but if firefox accepts it, and returns the cookie, then that's not an issue, is it?
    For the moment, I can work around it, as Firefox is happy with or without the hostname (it's not essential that I use firefox, but the web dev toolbar is handy for this kind of troubleshooting).

    Most importantly, I can't log out! Both browser hold onto the cookie as a session cookie. How can I tell the browser to delete the cookie now?


Comments

  • Options
    #2
    Serbian
    Registered Users Posts: 2,157 ✭✭✭Serbian


    For destroying sessions, PHP.net recommend the following:

    [php]session_start();

    $_SESSION = array();

    if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
    }

    session_destroy();
    [/php]


  • Options
    #3
    seamus
    Registered Users Posts: 68,317 ✭✭✭✭seamus


    Cheers, but no joy with that :(

    There are no sessions actually running, but the browsers are treating the cookies as session cookies, i.e. not discarding them until the browser is closed.


  • Options
    #4
    hostyle
    Registered Users Posts: 1,268 ✭✭✭hostyle


    Probably not the case, but check if the time is out of sync between your client and server. I had one hell of a two hour session a couple of years ago struggling with 10 minute cookies where there was an hour difference between client and server until I figured out the problem :)


  • Options
    #5
    seamus
    Registered Users Posts: 68,317 ✭✭✭✭seamus


    Yep, I'm an idiot.

    In some sites, I use "do" as a get variable, and other parts I use "action". I mixed them up and it turns out I wasn't deleting the cookies at all.

    D'oh.


Advertisement