Jump to content

Recommended Posts

Hello community,

 

I am trying to create a login script, but in the HTTP Header it only sends the last cookie set.

 

I first tried this code:

 

$expire=time()+60*60*24;
setcookie("gcg_user",$userid,$expire);
setcookie("gcg_name",$username,$expire);
setcookie("gcg_pass",$password,$expire);

 

But it only set the gcg_pass cookie. Someone else suggested me to use header():

 

$expire=date(DATE_RFC822,time()+60*60*24);
header('Set-Cookie: gcg_user="'.$userid.'"; expires='.$expire.';');
header('Set-Cookie: gcg_name="'.$username.'"; expires='.$expire.';',false);
header('Set-Cookie: gcg_pass="'.$password.'"; expires='.$expire.';',false);

 

But again it only sets the last cookie.

The first code has been working fine on another server. Do I have to adjust anything in php.ini?

 

Running XAMPP Lite:

###### Apache Friends XAMPP Lite (Basis Package) version 1.7.3 ######

  + Apache 2.2.14 (IPV6 enabled)

...

  + PHP 5.3.1 (PEAR)

...

 

Any help on that? Thanks in Advance!

Link to comment
https://forums.phpfreaks.com/topic/211496-cookie-problem-only-sets-last-one/
Share on other sites

You are better using array cookies as opposed to using multiple cookies

<?php
setcookie("data[gcg_user]", $userid);
setcookie("data[gcg_name]", $username);
setcookie("data[gcg_pass]", $password);
?>

To view the data

<?php
print $_COOKIE['data']['gcg_user'];
?>

 

On another note, what you are doing is highly insecure for a login based system. You are setting a users username / password & id in a text cookie file that is stored on their pc. If there is any kind of trojan or virus on that users pc it may read the information inside the cookie. This would give it access to your site. Also if the user uses the same username / password combo on other sites such as Internet banking then they could be in real trouble.

 

You should never store usernames / passwords in cookie files. You should use sessions to authenticate users. Even then you do not have to save the user data to session variables. After a successful login just set a session variable flag i.e

$_SESSION['loggedin'] = true;

and test for it on pages that require the user to be logged in. If you do want to use a cookie so the user stays permanently logged in then you should use some kind of hash value that identifies the user to the site.

I tried that ,but it still gives me only the last cookie.

print_r($_COOKIE);

Array ( [data] => Array ( [gcg_pass] => --- ) ) 

As I said, it works on another webhoster, so my it be a fault with my PHP configuration?

 

Also, no worry, I'm not storing the password just like that, but encrypted (not pure md5 though). Also a session ID is used (I just didn't add it to the examples because I think three already get the point across).

$expire=date(DATE_RFC822,time()+60*60*24);
header('Set-Cookie: gcg_user="'.$userid.'"; expires='.$expire.';');
header('Set-Cookie: gcg_name="'.$username.'"; expires='.$expire.';',false);
header('Set-Cookie: gcg_pass="'.$password.'"; expires='.$expire.';',false);

 

That's what you mean, no? Or am I understanding something wrong?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.