[SOLVED] setcookie() to destroy cookie not working?

[bloodgoat]

I'm setting 4 different cookies to hold variables with my login script. I created a logout.php to destroy these cookies, but something weird happens after I do it, and it leaves me logged in...

 

Before logging out:

Welcome, userName (userIP)

Your permissions are userPermissions (userLevel)

(Just replaced the key values, it doesn't actually look like that. Also, userLevel is called through an if...else line based on the numeric value of your userPermissions, so it's not saved in the cookie, only userPermissions is.)

 

logout.php:

<?php

setcookie('user', time()-3600);
setcookie('pass', time()-3600);
setcookie('addr', time()-3600);
setcookie('levl', time()-3600);

?>

 

After logging out:

Welcome, 1237873532 (1237873532)

Your permissions are 1237873532 ()

 

What's the deal?

[thebadbad]

From the manual:

 

Common Pitfalls:

 

• Cookies must be deleted with the same parameters as they were set with. If the value argument is an empty string, or FALSE, and all other arguments match a previous call to setcookie, then the cookie with the specified name will be deleted from the remote client. This is internally achieved by setting value to 'deleted' and expiration time to one year in past.
  

[Illusion]

Try this

<?php

setcookie('user',"", time()-3600);
setcookie('pass',"", time()-3600);
setcookie('addr',"", time()-3600);
setcookie('levl', "",time()-3600);

?>

[bloodgoat]

Perfect! I had a hunch that had something to do with it (I skimmed the setcookie() article on PHP.net, I didn't catch that excerpt).