KingIsulgard Posted November 22, 2009 Share Posted November 22, 2009 Hi there, I am writing an authentication script with an class Authentication who checks if a user is logged in or not. Everything works fine, logging in, checking if logged in, checking if there is a cookie TO log in when not yet logged in, and so on. Except one thing. When logging out, I can destroy the sessions and the user gets logged out. But he logs in immediately again because somehow the cookie survived the logout script. This is very weird since I actually destroy the cookie in the logout function. Can you please check it for me? Here is a snippet of the code: // Fucntion to log the user out public function logOut() { // Clear sessions unset($_SESSION["security"]); unset($_SESSION["loggedin"]); session_unset(); session_destroy(); // Set the user status to not logged in $this->loggedIn = false; // Destroy cookie setcookie("BusinessgameRemember", "", time() - 60*60*24); } // Function to create a new session public function createSession($securityCode) { session_start(); // Activate the use of sessions $_SESSION["loggedin"] = "true"; $_SESSION["security"] = $securityCode; } // Function to create a new cookie public function createCookie($securityCode) { // Set cookie setcookie("BusinessgameRemember", $securityCode, time() + 60*60*24*30); } You can see the code that creates the sessions and the script which creates a cookie (both works fine). The logout function DOES destroy the sessions but not the cookie. Any hints? :s Quote Link to comment Share on other sites More sharing options...
MisterWebz Posted November 22, 2009 Share Posted November 22, 2009 I'm still new to PHP, but try this. Replace the original with this: setcookie("BusinessgameRemember", "", time() - 60*60*24*60); Quote Link to comment Share on other sites More sharing options...
mattal999 Posted November 22, 2009 Share Posted November 22, 2009 To set the cookie, you use: setcookie("BusinessgameRemember", $securityCode, time() + 60*60*24*30); Which is 1 month into the future. You then try and destroy it using this: setcookie("BusinessgameRemember", "", time() - 60*60*24); Which is only -1 DAY in the future. Should be 60*60*24*30. Quote Link to comment Share on other sites More sharing options...
KingIsulgard Posted November 28, 2009 Author Share Posted November 28, 2009 Well -1 day in the future means one day in the past, so it is already passed which means the cookie should get deleted. It's not like I have to substracted a month from the cookies time. I just set a NEW time in the past. Quote Link to comment Share on other sites More sharing options...
MisterWebz Posted November 28, 2009 Share Posted November 28, 2009 Well -1 day in the future means one day in the past, so it is already passed which means the cookie should get deleted. It's not like I have to substracted a month from the cookies time. I just set a NEW time in the past. No, -1 day means substracting 1 day off the amount of days the cookie has been set for. If the cookie has been set for 2 days and you're substracting 1 day, then there's still 1 day left. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.