jwhite68 Posted November 8, 2008 Share Posted November 8, 2008 I have a fairly simple code segment inside a login script which both sets the cookies and "attempts" to delete them on logout. if ($act=="login"){ if (!isset($_COOKIE['cookname']) && !isset($_COOKIE['cookpass'])){ setcookie("cookname", $_SESSION['UserEmail'], time()+60*60*24*100, "/",".domain.com"); setcookie("cookpass", $mdpass, time()+60*60*24*100, "/",".domain.com"); } } f($act=="logout") { if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ setcookie("cookname", "", time()-60*60*24*100,"/",".domain.com"); setcookie("cookpass", "", time()-60*60*24*100,"/",".domain.com"); unset($_COOKIE['cookname']); unset($_COOKIE['cookpass']); } exit(); } Note: This is an abridged login script, showing the relevant parts for cookie handling. When testing, I can see that the cookie is getting set. When I logout though, and then go back to a page that checks the cookie variables - it shows that they are set, even though the code to delete the cookies has been executed. Having read many topics on several forums, the issue seems to relate to the addition of the domain name as the last parameter, but even with this, its not working. Have tested on both IE and Firefox with the same result. Does anyone have any suggestions? Jon Quote Link to comment Share on other sites More sharing options...
jwhite68 Posted November 8, 2008 Author Share Posted November 8, 2008 I wanted to add that after the code in the logout section, there is the following: session_destroy(); session_unset(); session_write_close(); header("Location: ".$domain."index.php"); exit(); I have read that the redirect could be causing a problem. ie it redirects to the index.php page before it can complete the deletion of the cookies? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted November 9, 2008 Share Posted November 9, 2008 Are you 100% sure that the if($act=="logout") code is actually being executed? Are you debugging this on a system where error_reporting is set to E_ALL and display_errors is set to ON so that you would know if there are any header errors that are preventing the setcookie() from working? To reliably and simply log someone out, all you need to do is set/unset a value stored on the server, ideally in your user table, that says that someone is logged out. All the various lines of code to delete cookies, destroy session data files, and unset session variables is really just a waste of processing time and wasted bandwidth. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.