Jump to content

Deleting old session cookie not working

tork

By tork
in PHP Coding Help

 Share
Go to solution Solved by tork,

Recommended Posts

tork Member

tork

Posted
Posted

Here's my original script:

 

session_name('2010'); // to name the session

session_start(); // 2010 session starts - either found or created
 

Firebug shows the correct session cookie:

 

2010 and expiry data

 

Script changed to:

 

session_name('2013'); // to name the session

session_start(); // 2013 session should cause the 2013 session cookie to be created
setcookie(session_name('2010'), '', time()-3600, '/', '.site.com'); // old session cookie 2010 should be deleted

 

Firebug still shows the 2010 session cookie and not the 2013 session cookie:

 

2010 and expiry data - no change to expiry data or cookie name.

 

How can I delete the 2010 session cookie and create the new 2013 session cookie?

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/283315-deleting-old-session-cookie-not-working/
Share on other sites
tork Member

tork

Posted
  • Author
Posted

And .. php.ini has the following parameters set:

 

; http://php.net/session.use-only-cookies
session.use_only_cookies = 1

 

; http://php.net/session.name
session.name = PHPSESSION

 

; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 30

tork Member

tork

Posted
  • Author
Posted

I'm not sure what you're trying to say. If I use session_delete(), it will have to come after the session_start() and will delete the new session. The cookies are all session cookies and were not set using setcookie.

Can you explain what you mean please?

tork Member

tork

Posted
  • Author
Posted

I wrote the following into my script, as per your reference:

 

$params = session_get_cookie_params();
setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
 

However, the cookies weren't deleted until I changed the php.ini parameter ; http://php.net/session.name to the session_name of the session cookie that I believe I had created it with. I was trying to delete it with the session.name PHPSESSION in php.ini.

 

Is this what you expected, mentalist?

Ch0cu3r Newbie

Ch0cu3r

Posted
Posted

Dont use setcookie() to affect the actual session cookie.

 

If you want to rename the session cookie use session_name() before you call session_start(). If you want to stop the session call session_destroy(). You cannot delete the cookie, you can only make it invalid. If the session is destroyed any session values are also cleared.

tork Member

tork

Posted
  • Author
Posted

Thanks Ch0cu3r.

So what I've done to stop the current cookie and start a newly named one follows. Is this correct?

What actaully removes the old cookies? (I'm thinking they could accumulate to whatever max is allowed in the browser).

 

// Identify the session that needs destroyed (if it is not identified, then the default session name in php.ini will be used - eg PHPSESSION)
session_name('2011');
// Start the previous session - a new session id will be generated if the current one has expired
session_start();
// Destroy the previous session - the 'destroy' doesn't remove the cookie, but simply makes the cookie invalid, and removes all session values and stops the session
session_destroy();
// Now a new session name is given
session_name('2012');
// And the new session begins
session_start();
// Never use setcookie with session cookies
 

objnoob Member

objnoob

Posted
Posted

You can use setcookie to set any cookie, including a session cookie as long as no output has already been started and sent to the browser.

To modify an existing cookie, you need to make sure you use the same cookie parameters NAME, PATH, DOMAIN, SECURE, HTTP ONLY that were used to create the cookie in the first place.

 

Using 0 as the expiration time for cookie, sets the cookie to expire when the browser windows are closed.

If you want to delete the cookie before then, you should set the cookie time to expire using a time less then current time.

 

time()-3600 will set the expiration time to an hour ago, which means the cookie is expired and will be deleted by browser on the spot.

setcookie(session_name(), '', time()-3600, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.