Cookie issue

[RMorrison]

I made a login for my site, and when testing it, I found that either the cookie is not setting or it is unsetting right after.

 

Code which handles login:

if (isset($_POST['login']))            {                $submitted_username = request_var('username', false);                $submitted_password = request_var('password', false);                if (!$submitted_username || !$submitted_password)                {                    $template_file = "user_login.html";                    $template->assign_var('ERROR', 1);                    $template->assign_var('MESSAGE', 'Error: Username or Password not supplied.');                    break;                }                $user_info = $user->user_login($submitted_username, $submitted_password);                if ($user_info)                {                    $sess_id = unique_id();                    setcookie('hs_user_sess', $sess_id, time()+(86400*30)); //Set cookie for 30 days to auto login.                    $session_info = array(                        'user_id' => $user_info['user_id'],                        'uniq_id' => $sess_id                    );                    $query = $db->build_query('insert', SESSION_TABLE, $session_info);                    if ($db->query($query))                    {                        $template_file = "user_message.html";                        $template->assign_var('ERROR', 0);                        $template->assign_var('MESSAGE', 'Success. User Logged in');                    }                    else                    {                        $template_file = "user_message.html";                        $template->assign_var('ERROR', 1);                        $template->assign_var('MESSAGE', 'Error: Unable to save session information');                        setcookie('hs_user_sess', '', time()-3600);                        break;                    }                    $userinfo = $user->get_user('session', $sess_id);                    if ($userinfo)                    {                        //Valid session so lets renew cookie and get info from database                        setcookie('hs_user_sess', $session, time() + (86400*30));                        $permissions = $user->get_permissions($userinfo['user_id']);                        $userinfo['permissions'] = $permissions;                        $userinfo['logged_in'] = 1;                        $user->user_info = $userinfo;                    }                }                else                {                    $template_file = "user_login.html";                    $template->assign_var('ERROR', 1);                    $template->assign_var('MESSAGE', 'Error: Incorrect Username/Password combination');                }            }

 

Code which grabs info from database at start if the cookie exists:

if (isset($_COOKIE['hs_user_sess'])){    $session = $db->clean($_COOKIE['hs_user_sess']);    $userinfo = $user->get_user('session', $session);    if ($userinfo)    {        //Valid session so lets renew cookie and get info from database        setcookie('hs_user_sess', $session, time()+(86400*30));        $permissions = $user->get_permissions($userinfo['user_id']);        $userinfo['permissions'] = $permissions;        $userinfo['logged_in'] = true;        $user->user_info = $userinfo;    }    else    {        //Not valid session so lets remove cookie        setcookie('hs_user_sess', '', time() - 3600);    }}

 

I wholly expect this to be some silly error on my part as I wrote this while at work earlier today and i'm tired and can't for the life of me work it out now.

 

Thanks in advance.

 

[Mlaaa]

Are u using

error_reporting(E_ALL);
ini_set('error_reporting', 1);
var_dump($_COOKIE);

And i think that u need to check if user is logged in ( if cookie exists ) before u try to login.

[mac_gyver]

the code at the top of your post has - setcookie('hs_user_sess', $session, time() + (86400*30));, but there is no $session variable present in that code, so it would set the cookie to an empty value.

 

also, break; only works for loops and switch statements. it has no affect on if() statements, so in the cases where you have used it in the code above, all the logic is still being executed.

 

if your code testing if the cookie is set is being executed on the same page request where you are setting the cookie, the $_COOKIE variable won't be set until the browser makes a request to the web server after you have set the cookie.

[RMorrison]

the code at the top of your post has - setcookie('hs_user_sess', $session, time() + (86400*30));, but there is no $session variable present in that code, so it would set the cookie to an empty value.

 

also, break; only works for loops and switch statements. it has no affect on if() statements, so in the cases where you have used it in the code above, all the logic is still being executed.

 

if your code testing if the cookie is set is being executed on the same page request where you are setting the cookie, the $_COOKIE variable won't be set until the browser makes a request to the web server after you have set the cookie.

 

The first line was actually the problem. Should have been $sess_id here. The code supplied was part of a switch statement in this case which is why I had break in there. I also modified the check in common.php not to do the check if the user is mid-login in this case.