
setcookie ()


Clinton


OK, when I click the logout button this gets executed and the session ends.

if (isset($_COOKIE[session_name()])) {
    // Expire the session ID cookie by giving it a date in the past
    setcookie(session_name(), '', time()-42000, '/');
}

However, if the browser closes, or even when the computer restarts, the session still remains if I do not log out. How do I fix this? Do I have to put the setcookie on every page?


You're setting the expiry time for the "session cookie" to an unnatural amount of time (I believe that is the problem).

When you use session_start(); the cookie will be automatically created. When you use session_destroy(), close the browser or make no action for x amount of time, the cookie is destroyed. You never need to use setcookie(); for a session cookie!

A


Matter of opinion on this, I think sessions are cleaner anyway.. a little less exploitative as well I think, as everything is contained server side.. besides, if someone's got a browser set to ignore cookies then cookies won't work, it's rare nowadays as so many sites use cookies.. but still lol.. anywho this is just opinion so I'll leave off on that.

And if you wanna set a timeout for a session you can still do that too, where if the user idles too long and then comes back, if the time has been x from the last time then boot them, then destroy the session. Can do this with PHP/JavaScript (AJAX) too so it just keeps checking and does its thing regardless of navigating around. But I'm lazy so I don't..
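
The idle timeout described in the post above, combined with the logout from the opening post, as an added example that is not code from any poster in this thread. It assumes PHP 7.3 or later; `IDLE_LIMIT`, the `last_seen` session key and both function names are hypothetical.

```php
<?php
// Added example, not code from the thread. IDLE_LIMIT and the
// 'last_seen' session key are assumed names.
const IDLE_LIMIT = 1800; // seconds of inactivity allowed (assumed value)

// Remove the session both on the server and in the browser.
function end_session(): void
{
    $_SESSION = [];                      // drop the data held in this request
    if (ini_get('session.use_cookies')) {
        // The deletion cookie must carry the same path and domain as the
        // original, otherwise the browser keeps the old cookie.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();                   // delete the server-side session data
}

// Call at the top of every protected page, before any output.
// Returns false when the session was ended for inactivity.
function start_session_with_idle_timeout(): bool
{
    // lifetime 0 makes it a browser-session cookie: no Expires attribute,
    // so the browser is expected to drop it when it closes.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    $now = time();
    if (isset($_SESSION['last_seen'])
        && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        end_session();                   // idle too long: same path as logout
        return false;                    // caller redirects to the login page
    }
    $_SESSION['last_seen'] = $now;       // refresh the idle clock
    return true;
}
```

Browsers set to restore the previous session on startup can keep a lifetime-0 cookie across restarts, so the server-side `last_seen` check is what actually bounds how long an abandoned session stays usable.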


Well regardless of cookie time if a browser is closed the sessions generally kill, at least most websites I have been on. Mine's not doing that and I prefer it that way. Other than that they could stay logged in for eternity, which is fine with me hence the unusually long time.


He is using a session and is attempting to delete the session id cookie.

Deleting cookies and destroying sessions... to log someone out is a waste of processing time, results in overly complicated code, and is the least secure way of logging someone out.

The simplest and most secure way of logging someone in/out is to store the logged in/out status in your user table in your database. The session should just identify who the visitor is and point to the correct row in the user table. If using a cookie to identify a visitor, generate a unique id that is stored in the cookie and in the user table (for authentication purposes don't store row/user id numbers or user names in a cookie.) Simple, yes? This also prevents session hijacking of someone that is logged out (session hijacking of someone who is logged in is a different problem.)

Edit: A session should only be used to identify a visitor for short term log in (one browser session.). A cookie should be used to identify a visitor for long term use (a remember me function.)


So if Bob logs in then I store a 'yes', for example, in a table specifically designed to indicate Bob's logged in status. But again, what happens if he closes his browser without logging out? How does the db update then?

I thought I was just setting sessions but my sessions weren't dying when I unset them so I used the whole cookie deal and voilà, it works. See http://www.phpfreaks.com/forums/index.php/topic,232287.0.html


Since when is session_destroy and setcookie considered overly complicated?

Deleting cookies and destroying sessions... to log someone out is a waste of processing time, results in overly complicated code, and is the least secure way of logging someone out.
