Usagi Posted April 4, 2014 Share Posted April 4, 2014 (edited) I've searched the web and tried every solution known to man but the cookie steadfastly clings to life. I am so frustrated that I could scream. if (isset($_POST['logout'])) { unset($_SESSION); unset($VMemberID); session_destroy(); setcookie("MLcookie_MemberID") ; // doesn't matter what this line is, the cookie is never deleted echo "** " . $_COOKIE["MLcookie_MemberID"] . " **"; } I've tried: setcookie("MLcookie_MemberID","",1); setcookie("MLcookie_MemberID",null,1); setcookie("MLcookie_MemberID",false,1); setcookie("MLcookie_MemberID",$VMemberID,time()-3600); setcookie("MLcookie_MemberID",$VMemberID,time()-3600."/"); and all variations and combinations of the above My script next checks to see if $VMemberID is not null, then reads the cookie. and finds that the cookie was not deleted and the person is STILL logged in. It also varies with browser. Wih IE if the logoff button is clicked a second time the user is logged off and the cookie is erased. With Chrome and Firefox, the user is never logged off nor cookie deleted no matter how many times logout is clicked. help me please bob Edited April 4, 2014 by Usagi Quote Link to comment Share on other sites More sharing options...
ginerjm Posted April 4, 2014 Share Posted April 4, 2014 You have to give the cookie a negative duration I believe. Also - per the Manual - you can't send a cookie once you have generated output, which the echo above is probably doing for you. Also - per the Manual - you are supposed to use all the same parameters (except expire) to delete a cookie. I do this all the time with my secured apps and simply respond to a client's request to log out with a set cookie with a time()-3600 as you tried in one of your examples. Note that the cookie will still exist in your session until the next script is called since they were loaded by the browser. At the end of your current script the brower will delete its cookie and the next start of your session will no reflect it. All this was found in the php manual - a wonderful resource! Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted April 4, 2014 Share Posted April 4, 2014 You can only make them expire by setting their expiration date to a time in the past. Also note when using setcookie() the affects will only take place on the next page request. This is why you should also destroy the associated $_COOKIE superglobal too,e g setcookie("MLcookie_MemberID",$VMemberID,time()-3600); // expire the cookie unset($_COOKIE['MLcookie_MemberID']); // and unset the cookie superglobal too otherwise $_COOKIE['MLcookie_MemberID'] will still be set untl the next page request. Quote Link to comment Share on other sites More sharing options...
requinix Posted April 4, 2014 Share Posted April 4, 2014 Also know that you have to match the existing cookie's domain and path parameters. So the checklist is: Calling setcookie() before any output Giving an expiration time in the past (not necessarily a negative number, just something ) Same domain as before Same path as before Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.