cant delete cookies?

gotenxds · August 26, 2011

hya, ive given a link from my index page to a pgave i call logout.php

in that page i have the following code:

<?php 
if (isset($_COOKIE['User_Id'])){

setcookie('User_Id', "" ,time()-3600);
setcookie('UserName',  "" ,time()-3600);	
echo "cookies has been deleted";
   
}
else {echo 'you are not loged in' ;}


?>

i get the 'echo "cookies has been deleted";'

msg but the cookies are not dellted, any ides ?

WebStyles · August 26, 2011

according to the php manual:

Cookies will not become visible until the next loading of a page that the cookie should be visible for. To test if a cookie was successfully set, check for the cookie on a next loading page before the cookie expires. Expire time is set via the expire parameter. A nice way to debug the existence of cookies is by simply calling print_r($_COOKIE);.

so if you're checking if they were deleted on the same page, they probably aren't yet. At the end of your logout.php, redirect to another page and check the cookie again with something like this: (just to be sure if it's deleting or not)

foreach($_COOKIE as $k=>$v){
echo 'Cookie <b>'.$k.'</b> still exists with value: '.$v.'<br />';
}

gotenxds · August 26, 2011

allready tried thay, hed a

$home_url = 'http://' .$_SERVER['HTTP_HOST'] . '/index.php';

		header('Location: ' . $home_url)  ;

in the same page

and my index chacks to see wheter a cookie is in place

if not it asks to log in

if yes is says 'wellcome "username" '

and i get the wellcome msg

PFMaBiSmAd · August 26, 2011

What is the code that is setting the cookies? The code that is 'deleting' the cookie must use the same parameters as when the cookie was set? What is the code that is testing for the cookie and displaying the - 'welcome "username" ' message? It might have a logic error in it.

Also, it is not safe to set cookies with 'simple' and easy to guess values, because anyone can change the value in a cookie and could impersonate any of your site members.

cyberRobot · August 26, 2011

Do you run the code that removes the cookies before the header() redirect?

Never mind, apparently I needed to re-familiarize myself with header()

gotenxds · August 26, 2011

What is the code that is setting the cookies? The code that is 'deleting' the cookie must use the same parameters as when the cookie was set? What is the code that is testing for the cookie and displaying the - 'welcome "username" ' message? It might have a logic error in it.

Also, it is not safe to set cookies with 'simple' and easy to guess values, because anyone can change the value in a cookie and could impersonate any of your site members.

the code that seting the cookies is

			$row = mysqli_fetch_array($data);
		setcookie('User_Id', $row['user_id'],time() +(60 * 60 * 1));
		setcookie('UserName', $row['username'],time() +(60 * 60 * 1));

the code that displying the welcome and log in is a if else statment, and i know that the cookies are not being deleted bcus i chack in firefox "delete coockies by site " option and after delete them via firefox i get the plz plgin msg

here is the intire login page (some stuff maybe in hebrew plz ignore):

<?php 
require_once('db_login.php');

//the error massged

$Login_error = "" ;
//chacck if looged in, else check if trying to login
if (!isset($_COOKIE['User_Id'])){
  if (isset($_POST['submit'])){
  //connect to db
       $connection = mysqli_connect($db_host, $db_username, $db_password, $db_database) or die ('damn');
   
   //grabing user enterd details
   $user_username = mysqli_real_escape_string($connection, trim($_POST['UserName']));
   $user_password = mysqli_real_escape_string($connection, trim($_POST['password']));
   
   if (!empty($user_username) && !empty($user_password)){
   $query = "SELECT username, user_id FROM users WHERE username = '$user_username' AND ".
   "password = '$user_password'";
   $data = mysqli_query($connection, $query);
   echo mysqli_num_rows($data);
      if(mysqli_num_rows($data) == 1){
		 $Login_error ="yay";
		//user name and pass are ok
		$LoginDate = date('j\.n\.Y \בשעה H\:i') ;
		$row = mysqli_fetch_array($data);
		setcookie('User_Id', $row['user_id'],time() +(60 * 60 * 1));
		setcookie('UserName', $row['username'],time() +(60 * 60 * 1));

		$home_url = 'http://' .$_SERVER['HTTP_HOST'] . '/index.php';

		header('Location: ' . $home_url)  ;
	  }
	    else{
		//worng username AND\OR password
		$Login_error ="שם המשתמש או הסיסמא לא נכונים";	
		}
   }
     else{
		 //no username and'or password were enterd
		 $Login_error = "לא הכנסת שם משתמש וסיסמה";
		 }

  }

}

?>

<?php
//if the cookie is empty show errormsg and form
if(empty($_COOKIE['User_Id']))
{ echo $Login_error ;

?>
<script type="text/javascript" >
               $(document).ready(function () {
                   $("#login").ready(function () {
                       $("#login").slideDown('slow');

                   });

               });


</script>
<div id="login" style="background-color:#09C;border:1px solid; width:100%; height:25px; display:none; margin-bottom:5px;">
         
         לא חבר באתר?
            <a href="/Register.php"><span style="color:#9C3; font-style:oblique;">הרשם</span></a>
            עכשיו!
          
            <form style="float:right" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
            
      <label>
   שם משתמש: <input type="text" id="UserName" name="UserName"/>
      </label>      
            

            
      <label>
   סיסמה: <input type="password" id="password"  name="password"/>
      </label>      
      
      <input type="submit" name="submit" value="התחבר" />
      
       
            </form>
  
                 
</div>

<?php } 
else{ 
?>
<script type="text/javascript" >
               $(document).ready(function () {
                   $("#login").ready(function () {
                       $("#login").slideDown('slow');

                   });

               });


</script>

<div id="login" style="background-color:#09C;border:1px solid; width:100%; height:25px; display:none; margin-bottom:5px;">
         
שלום 
  <?php echo $_COOKIE['UserName']; ?>  
התחברתה לאחרונה ב

לחץ  
<a href="Core/LogOut.php">כאן</a>
על מנת להיתנתק
          
  
  
                 
</div>

<?php }?>

and the intire logout page:

<?php 
if (isset($_COOKIE['User_Id'])){

setcookie('User_Id', "" ,time()-3600);
setcookie('UserName',  "" ,time()-3600);	
   
}
$home_url = 'http://' .$_SERVER['HTTP_HOST'] . '/index.php';

		header('Location: ' . $home_url)  ;

?>

PFMaBiSmAd · August 26, 2011

<a href="Core/LogOut.php">כאן</a>

Your logout page is at a different path than your login code and you are not setting the cookie with a '/' as the 4th parameter, so 1) The cookie only matches the path where it was set and 2) the path where you are trying to delete the cookie is not the same as where it was set.

Use the '/' as the 4th parameter in all your setcookie() statements so that the cookie will match all paths under your domain -

setcookie('User_Id', $row['user_id'],time() +(60 * 60 * 1), '/');

setcookie('User_Id', "" ,time()-3600, '/');

And as already stated, setting simple user id and username values in cookies is easy for anyone to guess and find values that work, such as your user id and your user name.

gotenxds · August 26, 2011

it works ! thx alot for your help

and i toke a look at this sites cookies and i understand what you mean, im new to php (about 2 weeks ) and i have alot to laern about security.

thx agin.

Sign In

cant delete cookies?

Recommended Posts

gotenxds

Link to comment

Share on other sites

WebStyles

Link to comment

Share on other sites

gotenxds

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

cyberRobot

Link to comment

Share on other sites

gotenxds

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

gotenxds

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information