Cookie Problem: Only sets last one

[Superyoshi]

Hello community,

 

I am trying to create a login script, but in the HTTP Header it only sends the last cookie set.

 

I first tried this code:

 

$expire=time()+60*60*24;
setcookie("gcg_user",$userid,$expire);
setcookie("gcg_name",$username,$expire);
setcookie("gcg_pass",$password,$expire);

 

But it only set the gcg_pass cookie. Someone else suggested me to use header():

 

$expire=date(DATE_RFC822,time()+60*60*24);
header('Set-Cookie: gcg_user="'.$userid.'"; expires='.$expire.';');
header('Set-Cookie: gcg_name="'.$username.'"; expires='.$expire.';',false);
header('Set-Cookie: gcg_pass="'.$password.'"; expires='.$expire.';',false);

 

But again it only sets the last cookie.

The first code has been working fine on another server. Do I have to adjust anything in php.ini?

 

Running XAMPP Lite:

###### Apache Friends XAMPP Lite (Basis Package) version 1.7.3 ######

  + Apache 2.2.14 (IPV6 enabled)

...

  + PHP 5.3.1 (PEAR)

...

 

Any help on that? Thanks in Advance!

[JonnoTheDev]

You are better using array cookies as opposed to using multiple cookies

<?php
setcookie("data[gcg_user]", $userid);
setcookie("data[gcg_name]", $username);
setcookie("data[gcg_pass]", $password);
?>

To view the data

<?php
print $_COOKIE['data']['gcg_user'];
?>

 

On another note, what you are doing is highly insecure for a login based system. You are setting a users username / password & id in a text cookie file that is stored on their pc. If there is any kind of trojan or virus on that users pc it may read the information inside the cookie. This would give it access to your site. Also if the user uses the same username / password combo on other sites such as Internet banking then they could be in real trouble.

 

You should never store usernames / passwords in cookie files. You should use sessions to authenticate users. Even then you do not have to save the user data to session variables. After a successful login just set a session variable flag i.e

$_SESSION['loggedin'] = true;

and test for it on pages that require the user to be logged in. If you do want to use a cookie so the user stays permanently logged in then you should use some kind of hash value that identifies the user to the site.

[Superyoshi]

I tried that ,but it still gives me only the last cookie.

print_r($_COOKIE);

Array ( [data] => Array ( [gcg_pass] => --- ) ) 

As I said, it works on another webhoster, so my it be a fault with my PHP configuration?

 

Also, no worry, I'm not storing the password just like that, but encrypted (not pure md5 though). Also a session ID is used (I just didn't add it to the examples because I think three already get the point across).

[JonnoTheDev]

See

http://www.php.net/manual/en/function.setcookie.php#94030

[Superyoshi]

$expire=date(DATE_RFC822,time()+60*60*24);
header('Set-Cookie: gcg_user="'.$userid.'"; expires='.$expire.';');
header('Set-Cookie: gcg_name="'.$username.'"; expires='.$expire.';',false);
header('Set-Cookie: gcg_pass="'.$password.'"; expires='.$expire.';',false);

 

That's what you mean, no? Or am I understanding something wrong?

[JonnoTheDev]

yep

[Superyoshi]

Well, it doesn't work, too. I guess I'll resort to using one single cookie and using explode() on the value. Thanks though.