Jump to content

Cookie issue


RMorrison
Go to solution Solved by mac_gyver,

Recommended Posts

I made a login for my site, and when testing it, I found that either the cookie is not setting or it is unsetting right after.

 

Code which handles login:

if (isset($_POST['login']))            {                $submitted_username = request_var('username', false);                $submitted_password = request_var('password', false);                if (!$submitted_username || !$submitted_password)                {                    $template_file = "user_login.html";                    $template->assign_var('ERROR', 1);                    $template->assign_var('MESSAGE', 'Error: Username or Password not supplied.');                    break;                }                $user_info = $user->user_login($submitted_username, $submitted_password);                if ($user_info)                {                    $sess_id = unique_id();                    setcookie('hs_user_sess', $sess_id, time()+(86400*30)); //Set cookie for 30 days to auto login.                    $session_info = array(                        'user_id' => $user_info['user_id'],                        'uniq_id' => $sess_id                    );                    $query = $db->build_query('insert', SESSION_TABLE, $session_info);                    if ($db->query($query))                    {                        $template_file = "user_message.html";                        $template->assign_var('ERROR', 0);                        $template->assign_var('MESSAGE', 'Success. User Logged in');                    }                    else                    {                        $template_file = "user_message.html";                        $template->assign_var('ERROR', 1);                        $template->assign_var('MESSAGE', 'Error: Unable to save session information');                        setcookie('hs_user_sess', '', time()-3600);                        break;                    }                    $userinfo = $user->get_user('session', $sess_id);                    if ($userinfo)                    {                        //Valid session so lets renew cookie and get info from database                        setcookie('hs_user_sess', $session, time() + (86400*30));                        $permissions = $user->get_permissions($userinfo['user_id']);                        $userinfo['permissions'] = $permissions;                        $userinfo['logged_in'] = 1;                        $user->user_info = $userinfo;                    }                }                else                {                    $template_file = "user_login.html";                    $template->assign_var('ERROR', 1);                    $template->assign_var('MESSAGE', 'Error: Incorrect Username/Password combination');                }            }

 
Code which grabs info from database at start if the cookie exists:
if (isset($_COOKIE['hs_user_sess'])){    $session = $db->clean($_COOKIE['hs_user_sess']);    $userinfo = $user->get_user('session', $session);    if ($userinfo)    {        //Valid session so lets renew cookie and get info from database        setcookie('hs_user_sess', $session, time()+(86400*30));        $permissions = $user->get_permissions($userinfo['user_id']);        $userinfo['permissions'] = $permissions;        $userinfo['logged_in'] = true;        $user->user_info = $userinfo;    }    else    {        //Not valid session so lets remove cookie        setcookie('hs_user_sess', '', time() - 3600);    }}

 
I wholly expect this to be some silly error on my part as I wrote this while at work earlier today and i'm tired and can't for the life of me work it out now.
 
Thanks in advance.

 

Link to comment
Share on other sites

  • Solution

the code at the top of your post has - setcookie('hs_user_sess', $session, time() + (86400*30));, but there is no $session variable present in that code, so it would set the cookie to an empty value.

 

also, break; only works for loops and switch statements. it has no affect on if() statements, so in the cases where you have used it in the code above, all the logic is still being executed.

 

if your code testing if the cookie is set is being executed on the same page request where you are setting the cookie, the $_COOKIE variable won't be set until the browser makes a request to the web server after you have set the cookie.

Link to comment
Share on other sites

the code at the top of your post has - setcookie('hs_user_sess', $session, time() + (86400*30));, but there is no $session variable present in that code, so it would set the cookie to an empty value.

 

also, break; only works for loops and switch statements. it has no affect on if() statements, so in the cases where you have used it in the code above, all the logic is still being executed.

 

if your code testing if the cookie is set is being executed on the same page request where you are setting the cookie, the $_COOKIE variable won't be set until the browser makes a request to the web server after you have set the cookie.

 

The first line was actually the problem. Should have been $sess_id here. The code supplied was part of a switch statement in this case which is why I had break in there. I also modified the check in common.php not to do the check if the user is mid-login in this case.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.