PHP include() and Cookies

[MrBeef]

I have a top nav portion of my site called header.php. This site displays "Logged in" or "Sign in" based on whether a cookie is set or not. The file header.php is included on all pages.

 

When I got to my logout.php page, however, I want the cookie to be destroyed BEFORE the header is loaded so that the header shows "Sign in" instead of "Logged in." This doesn't seem to be happening so I have to refresh the page and then it displays properly.

 

Here's the code:

<?php
        setcookie("user", "", time() - 3600);
        include("header.php");
?>

 

The functionality is there but I'd like it to display properly. Any suggestions on how to get around this? Thanks!

[cags]

Assuming header.php reads that cookie, what you have there looks correct.

[PFMaBiSmAd]

The $_COOKIE variables are set when the browser requests a page. setcookie() sends the header to the browser to get it to change the saved cookie in the browser.

 

You have a couple of choices -

 

1) After the setcookie(), perform a redirect to the same page (this will insure that the cookie was actually set to the new value.)

 

2) You can set the $_COOKIE variable to the value you want in your code (this has the disadvantage of not truly showing the actual value in case the setcookie() fails.)

 

However, you should not use the existence or absence of a cookie to tell you someone is logged in. All I would need to do is create a cookie that says I am you and I can visit your site and do anything on it that you can do. You should use the cookie to identify the visitor only, through a unique value that cannot easily be guessed or reverse engineered, and determine the logged in/logged out status through a value that is kept on the server only (so that if you log out, no one that gets ahold of your cookie values can appear to be logged in without logging in using the correct username and password.)