Adthegreat Posted May 8, 2006 Share Posted May 8, 2006 For security reason i set a cookie every time someone logs in like this[code] setcookie(activsessid,$activsessid, time()+360000);[/code]Then on my logout button i have tried lots of differnet things but at the moment my code is[code]setcookie(activsessid);[/code]but for some reason the cookie remains, i have tried setting a time()-100 and other stuff, but it wont work.And N.B, i know the cookie is still there because it appeares when i dojavascript:alert(document.cookie).Can anyone help?Thanks in Advance! Quote Link to comment https://forums.phpfreaks.com/topic/9340-cookie-killing/ Share on other sites More sharing options...
Prismatic Posted May 8, 2006 Share Posted May 8, 2006 [!--quoteo(post=372407:date=May 8 2006, 03:59 PM:name=Adthegreat)--][div class=\'quotetop\']QUOTE(Adthegreat @ May 8 2006, 03:59 PM) [snapback]372407[/snapback][/div][div class=\'quotemain\'][!--quotec--]For security reason i set a cookie every time someone logs in like this[code] setcookie(activsessid,$activsessid, time()+360000);[/code]Then on my logout button i have tried lots of differnet things but at the moment my code is[code]setcookie(activsessid);[/code]but for some reason the cookie remains, i have tried setting a time()-100 and other stuff, but it wont work.And N.B, i know the cookie is still there because it appeares when i dojavascript:alert(document.cookie).Can anyone help?Thanks in Advance![/quote][code]setcookie(activsessid,$activsessid, time()-360000);[/code] Quote Link to comment https://forums.phpfreaks.com/topic/9340-cookie-killing/#findComment-34422 Share on other sites More sharing options...
Adthegreat Posted May 8, 2006 Author Share Posted May 8, 2006 [!--quoteo(post=372409:date=May 8 2006, 10:09 PM:name=Prismatic)--][div class=\'quotetop\']QUOTE(Prismatic @ May 8 2006, 10:09 PM) [snapback]372409[/snapback][/div][div class=\'quotemain\'][!--quotec--][code]setcookie(activsessid,$activsessid, time()-360000);[/code][/quote]Didn't work!Probably because $activsessid is not defined on the page, but would register globals take it from $_COOKIE[activsessid] where it is defined? Quote Link to comment https://forums.phpfreaks.com/topic/9340-cookie-killing/#findComment-34424 Share on other sites More sharing options...
wildteen88 Posted May 8, 2006 Share Posted May 8, 2006 You wont be able to delete a cookie of off a users cvomputer. However you can set the cookie with blank values apart from the name and set the expire time sometime back in the past.That should stop the browser from using the cookie again. Quote Link to comment https://forums.phpfreaks.com/topic/9340-cookie-killing/#findComment-34429 Share on other sites More sharing options...
Adthegreat Posted May 8, 2006 Author Share Posted May 8, 2006 [!--quoteo(post=372416:date=May 8 2006, 10:24 PM:name=wildteen88)--][div class=\'quotetop\']QUOTE(wildteen88 @ May 8 2006, 10:24 PM) [snapback]372416[/snapback][/div][div class=\'quotemain\'][!--quotec--]You wont be able to delete a cookie of off a users cvomputer. However you can set the cookie with blank values apart from the name and set the expire time sometime back in the past.That should stop the browser from using the cookie again.[/quote]I appreciate the insight. edit: Problem still there! It works on my Internet Explorer but not on my friends computer and my firefox!Code is now [code]setcookie('activsessid', '', time()-360000);[/code] Quote Link to comment https://forums.phpfreaks.com/topic/9340-cookie-killing/#findComment-34436 Share on other sites More sharing options...
High_-_Tek Posted May 8, 2006 Share Posted May 8, 2006 Short and simple[code]<?phpunset($_COOKIE['activsessid']);?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/9340-cookie-killing/#findComment-34450 Share on other sites More sharing options...
Adthegreat Posted May 8, 2006 Author Share Posted May 8, 2006 [!--quoteo(post=372438:date=May 8 2006, 11:16 PM:name=High_-_Tek)--][div class=\'quotetop\']QUOTE(High_-_Tek @ May 8 2006, 11:16 PM) [snapback]372438[/snapback][/div][div class=\'quotemain\'][!--quotec--]Short and simple[code]<?phpunset($_COOKIE['activsessid']);?>[/code][/quote]This doesn't work, i have tried with quotes, without, and it is right after my opening <?php on logout.php.This is so frustrating, it just doesnt make sense... Quote Link to comment https://forums.phpfreaks.com/topic/9340-cookie-killing/#findComment-34451 Share on other sites More sharing options...
toplay Posted May 9, 2006 Share Posted May 9, 2006 PHP and JavaScript cookie values are initially availabe at different times. Examine this sample code and it's output underneath it:[code]<?PHP// Start buffering to allow JS before PHP setcookieob_start();?><script lang="javascript">document.write("JS - before PHP setcookie: " + document.cookie + "<br/>");</script><?PHPif (isSet($_COOKIE['activsessid'])) { $value = $_COOKIE['activsessid'];} else { setcookie('activsessid', '123'); // Not set the first time and this demonstrates that $value = isSet($_COOKIE['activsessid']) ? $_COOKIE['activsessid'] : 'Not Set';}echo "_COOKIE['activsessid'] value = $value <br/>";?><script lang="javascript">document.write("JS - after PHP setcookie: " + document.cookie + "<br/>");</script>[/code][quote]JS - before PHP setcookie: activsessid=123_COOKIE['activsessid'] value = Not SetJS - after PHP setcookie: activsessid=123[/quote][quote]JS - before PHP setcookie: activsessid=123_COOKIE['activsessid'] value = 123JS - after PHP setcookie: activsessid=123[/quote]As you can see from the output example above, the $_COOKIE values aren't available to use in PHP on the first run or setting of the cookie. However, you'll notice that JavaScript has the cookie value available on the first run. Even before the PHP setcookie is even invoked (as it seems). But the truth of the matter is that PHP setcookie() sends out HTTP headers which by the time the page is loaded JavaScript already has available.Examine this sample code that deletes the cookie and it's output underneath it:[code]<?PHP// Start buffering to allow JS before PHP setcookieob_start();?><script lang="javascript">document.write("JS - before PHP setcookie to delete: " + document.cookie + "<br/>");</script><?PHP$value = isSet($_COOKIE['activsessid']) ? $_COOKIE['activsessid'] : 'Not Set';echo "_COOKIE['activsessid'] value before delete = $value <br/>";setcookie('activsessid', '', time() - 86400);$value = isSet($_COOKIE['activsessid']) ? $_COOKIE['activsessid'] : 'Not Set';echo "_COOKIE['activsessid'] value after delete = $value <br/>";?><script lang="javascript">document.write("JS - after PHP setcookie to delete: " + document.cookie + "<br/>");</script>[/code][quote]JS - before PHP setcookie to delete:_COOKIE['activsessid'] value before delete = 123_COOKIE['activsessid'] value after delete = 123JS - after PHP setcookie to delete:[/quote][quote]JS - before PHP setcookie to delete:_COOKIE['activsessid'] value before delete = Not Set_COOKIE['activsessid'] value after delete = Not SetJS - after PHP setcookie to delete:[/quote]Again, JavaScript knows the cookie is deleted before PHP does.If you want PHP to recognize the cookie is delete in the first delete cookie run, then as already pointed out, you can use unset(). So, changing the delete cookie code to include the unset():[code]...setcookie('activsessid', '', time() - 86400);unset($_COOKIE['activsessid']);...[/code]will produce the following output:[quote]JS - before PHP setcookie to delete: _COOKIE['activsessid'] value before delete = 123 _COOKIE['activsessid'] value after delete = Not Set JS - after PHP setcookie to delete: [/quote]and that allows PHP to know the cookie got deleted right away.If you specified an expiration when first creating the cookie, then it's generally a good idea to make the cookie expiration time at least a day in the past (- 86400), in case your server and the user's computer have different clocks.FYI: The examples given behave the same way in IE and Firefox (it makes no difference). Quote Link to comment https://forums.phpfreaks.com/topic/9340-cookie-killing/#findComment-34489 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.