Bizarre Cookie problem

[johnharris]

I've looked around for anyone with the same problem and I can't see any solution so I decided to post. I have created this login form and it all works fine. I then added cookie support and that also worked. However, I cannot make it so that a cookie expires when the browser is closed. I have used a checkbox "remember_me" in the form, and have tested that it works ok (see the commented out echo statements in the submit section). If I login and no not check the button, then close the browser, then re-open, I am still logged in. I thought if no value for expiry was specified cookies expired on session (browser) close? Mine do not seem to be :( Below is login.php


[code]

<?php
   
    if (isset($_POST['submit']))    {
   
        require_once ('../mysql_connect.php');
       
        function escape_data ($data)    {
       
            global $dbc;
           
            if (ini_get('magic_quotes_gpc'))    {
           
                $data = stripslashes($data);
           
            }
           
            return mysql_real_escape_string($data, $dbc);
           
        }
       
        $message = NULL;
       
        if (empty($_POST['username']))    {
       
            $u = FALSE;
            $message .= '<p>You forgot to enter your username!</p>';
           
        } else    {
       
            $u = escape_data($_POST['username']);
           
        }
       
        if (empty($_POST['password']))    {
       
            $p = FALSE;
            $message .= '<p>You forgot to enter your password!</p>';
           
        } else    {
       
            $p = escape_data($_POST['password']);
           
        }
       
        if ($u && $p)    {
           
            $query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=MD5('$p')";
            $result = @mysql_query ($query);
            $row = mysql_fetch_array ($result, MYSQL_NUM);
           
            if ($row)    {
               
                if (isset($_POST['remember_me']))    {
                   
                    setcookie ('first_name', $row[1], time()+36000, '/', '', 0);
                    setcookie ('user_id', $row[0], time()+36000, '/', '', 0);
                    header ("Location: index.php");
                    //echo '<p>ticked</p>';
                   
                } else    {
               
                    setcookie ('first_name', $row[1], NULL, '/', '', 0);
                    setcookie ('user_id', $row[0], NULL, '/', '', 0);
                    header ("Location: index.php");
                    //echo '<p>Not ticked</p>';
                   
                }
               
            } else    {
           
                $message = '<p>Error. Your username/password is incorrect.</p>';
               
            }
           
            mysql_close();
           
           
        } else    {
       
            $message .= '<p>Please try again.</p>';
           
        }
       
    }
   
    if (isset($message))    {
   
        echo $message;
       
    }

?>

<form action="<?php echo $_SERVER['DOCUMENT_ROOT/index.php']; ?>" method="post">

    <p>Username: <input type="text" name="username" size="15" maxlength="20" value="<?php if (isset($_POST['username']))
    echo $_POST['username']; ?>" /></p>

    <p>Password: <input type="password" name="password" size="15" maxlength="20" /></p>
   
    <input type="checkbox" name="remember_me" /> Keep me logged in (requires cookies to be enabled)

    <div align="center"><input type="submit" name="submit" value="Login" /></div>
   
</form>

[/code]

[shocker-z]

why not use a session instead of cookie? these auto expire when browser is closed :)

Simpler than playing with cookies

Regards
Liam