KingIsulgard Posted November 22, 2009 Share Posted November 22, 2009 Hi there, I am writing an authentication script with an class Authentication who checks if a user is logged in or not. Everything works fine, logging in, checking if logged in, checking if there is a cookie TO log in when not yet logged in, and so on. Except one thing. When logging out, I can destroy the sessions and the user gets logged out. But he logs in immediately again because somehow the cookie survived the logout script. This is very weird since I actually destroy the cookie in the logout function. Can you please check it for me? Here is a snippet of the code: // Fucntion to log the user out public function logOut() { // Clear sessions unset($_SESSION["security"]); unset($_SESSION["loggedin"]); session_unset(); session_destroy(); // Set the user status to not logged in $this->loggedIn = false; // Destroy cookie setcookie("BusinessgameRemember", "", time() - 60*60*24); } // Function to create a new session public function createSession($securityCode) { session_start(); // Activate the use of sessions $_SESSION["loggedin"] = "true"; $_SESSION["security"] = $securityCode; } // Function to create a new cookie public function createCookie($securityCode) { // Set cookie setcookie("BusinessgameRemember", $securityCode, time() + 60*60*24*30); } You can see the code that creates the sessions and the script which creates a cookie (both works fine). The logout function DOES destroy the sessions but not the cookie. Any hints? :s Link to comment https://forums.phpfreaks.com/topic/182496-logout-function-cookie-isnt-deleted/ Share on other sites More sharing options...
MisterWebz Posted November 22, 2009 Share Posted November 22, 2009 I'm still new to PHP, but try this. Replace the original with this: setcookie("BusinessgameRemember", "", time() - 60*60*24*60); Link to comment https://forums.phpfreaks.com/topic/182496-logout-function-cookie-isnt-deleted/#findComment-963261 Share on other sites More sharing options...
mattal999 Posted November 22, 2009 Share Posted November 22, 2009 To set the cookie, you use: setcookie("BusinessgameRemember", $securityCode, time() + 60*60*24*30); Which is 1 month into the future. You then try and destroy it using this: setcookie("BusinessgameRemember", "", time() - 60*60*24); Which is only -1 DAY in the future. Should be 60*60*24*30. Link to comment https://forums.phpfreaks.com/topic/182496-logout-function-cookie-isnt-deleted/#findComment-963262 Share on other sites More sharing options...
KingIsulgard Posted November 28, 2009 Author Share Posted November 28, 2009 Well -1 day in the future means one day in the past, so it is already passed which means the cookie should get deleted. It's not like I have to substracted a month from the cookies time. I just set a NEW time in the past. Link to comment https://forums.phpfreaks.com/topic/182496-logout-function-cookie-isnt-deleted/#findComment-967010 Share on other sites More sharing options...
MisterWebz Posted November 28, 2009 Share Posted November 28, 2009 Well -1 day in the future means one day in the past, so it is already passed which means the cookie should get deleted. It's not like I have to substracted a month from the cookies time. I just set a NEW time in the past. No, -1 day means substracting 1 day off the amount of days the cookie has been set for. If the cookie has been set for 2 days and you're substracting 1 day, then there's still 1 day left. Link to comment https://forums.phpfreaks.com/topic/182496-logout-function-cookie-isnt-deleted/#findComment-967112 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.