cjp_24 Posted April 28, 2010 Share Posted April 28, 2010 Hi all, I hope someone could please help me. I have written 50% of my site and the login/logout part works but intermittantly I am getting problems with it. Let me explain .. I have <login.php> which has a form with USERNAME and PASSWORD, when you submit POST's to <dologin.php> <dologin.php> checks the DB for the username then the password and, if all Ok (and it does come back OK) it will then set a $_COOKIE(["Username"],$row["username"],3600); then I do a HEADER ( "location: <back to my site>/index.php" ); on the <index.php> page, there is a nav button that when detects the cookie "Username" is set to then show, and also if the cookie is set then makes the Login button a logout button. ... now this works 95% of the time, 5% it doesnt. You will log in and then click SUBMIT, but when it goes back to the <index.php> page, the cookie is just not set so the login button doesnt change and you are not effectivley logged in. (other pages that track the "Username" cookie)... and sometimes it is the same when the first part works, I click the LOGOUT button which goes to <dologout.php> which just clears the cookie (by setting time()-3600), when it goes back to <index.php> via Header ("location: <back to my site>/index.php" ); again sometimes the cookie does not delete. Is there any problems generally with $_COOKIES with this sort of thing. I hope I am making sense Please help, it is annoying.. It is like sometimes the cookie is either not saving or it taking longer to save so it is not being picked up. :confused: Thanks Cliff Quote Link to comment Share on other sites More sharing options...
Adam Posted April 28, 2010 Share Posted April 28, 2010 Cookies are not instantly available once set, only after the next HTTP request. Regardless of this though, relying on a cookie to validate a user is totally insecure; I could just set the cookie myself. Quote Link to comment Share on other sites More sharing options...
cjp_24 Posted April 28, 2010 Author Share Posted April 28, 2010 Cookies are not instantly available once set, only after the next HTTP request. Regardless of this though, relying on a cookie to validate a user is totally insecure; I could just set the cookie myself. Oh okay, I hear you. I am fairly new with PHP and the the security of it all. What would you suggest? Sessions? are sessions instantly available once set? But surely when I set the cookie and then header ("location:") to another page, that is the next HTTP request? is it not? :'( Thanks for you help Cliff Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 28, 2010 Share Posted April 28, 2010 By default, sessions propagate the session id using a cookie, so whatever is causing your setcookie()/$_COOKIE to not work may in fact prevent sessions from working as well. It would be best to find out why your cookies are not working. I'm going to guess that your code is clearing the cookie under some conditions. It would take seeing your code to directly be able to help with what it is or is not doing. Quote Link to comment Share on other sites More sharing options...
cjp_24 Posted April 28, 2010 Author Share Posted April 28, 2010 By default, sessions propagate the session id using a cookie, so whatever is causing your setcookie()/$_COOKIE to not work may in fact prevent sessions from working as well. It would be best to find out why your cookies are not working. I'm going to guess that your code is clearing the cookie under some conditions. It would take seeing your code to directly be able to help with what it is or is not doing. Thanks PFMaBiSmAd, When I go home tonight I will post the code up for you to see... Cliff Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.