Jump to content

Why are cookies not getting deleted

jwhite68

By jwhite68
in PHP Coding Help

 Share

Recommended Posts

jwhite68 Regular Member

jwhite68

Posted
Posted

I have a fairly simple code segment inside a login script which both sets the cookies and "attempts" to delete them on logout.

 

if ($act=="login"){
        if (!isset($_COOKIE['cookname']) && !isset($_COOKIE['cookpass'])){
          setcookie("cookname", $_SESSION['UserEmail'], time()+60*60*24*100, "/",".domain.com");
          setcookie("cookpass", $mdpass, time()+60*60*24*100, "/",".domain.com");
        }

}

f($act=="logout")
{

if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      setcookie("cookname", "", time()-60*60*24*100,"/",".domain.com");
      setcookie("cookpass", "", time()-60*60*24*100,"/",".domain.com");
  unset($_COOKIE['cookname']);
  unset($_COOKIE['cookpass']);
     }  
	exit();
}

 

Note: This is an abridged login script, showing the relevant parts for cookie handling.

 

When testing, I can see that the cookie is getting set.  When I logout though, and then go back to a page that checks the cookie variables - it shows that they are set, even though the code to delete the cookies has been executed.

 

Having read many topics on several forums, the issue seems to relate to the addition of the domain name as the last parameter, but even with this, its not working. Have tested on both IE and Firefox with the same result. Does anyone have any suggestions?

 

Jon

Link to comment
Share on other sites
jwhite68 Regular Member

jwhite68

Posted
  • Author
Posted

I wanted to add that after the code in the logout section, there is the following:

 

    session_destroy();
    session_unset();
session_write_close();
header("Location: ".$domain."index.php");
exit();

 

I have read that the redirect could be causing a problem. ie it redirects to the index.php page before it can complete the deletion of the cookies?

 

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Are you 100% sure that the if($act=="logout") code is actually being executed? Are you debugging this on a system where error_reporting is set to E_ALL and display_errors is set to ON so that you would know if there are any header errors that are preventing the setcookie() from working?

 

To reliably and simply log someone out, all you need to do is set/unset a value stored on the server, ideally in your user table, that says that someone is logged out. All the various lines of code to delete cookies, destroy session data files, and unset session variables is really just a waste of processing time and wasted bandwidth.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.