cshoffie Posted March 14, 2008 Share Posted March 14, 2008 So I'm creating a user login system with various security features. One of which is a cookie verification. When a user logs in, I generate a cookie using this function: $val = md5(uniqid(rand(), true)); and then I set it: setcookie('token', $val, (time() + 3600), '/', '', 0); Then after that I send the value of the cookie to the database to store for verification purposes later. Now I'm trying to write out the verification function to compare what's stored in the clients cookie file to the database. Here's the odd part: For some reason when I call $_COOKIE['token'] they just weren't matching up, so I physically looked in the cookie file and found the hash, and then physically looked in the database and compared them myself, and they ARE THE SAME. I don't know why but the $_COOKIE var is showing something COMPLETELY different then what the database AND the physical cookie file are actually showing! Now here's an even weirder part: When I try and log in again, it does what it's supposed to do (assigns a new value to the cookie and then updates the DB with that value), BUT $_COOKIE is now showing the hash that the cookie and database was showing BEFORE the refresh (re-login). It's like the $_COOKIE variable is one step BEHIND the actual cookie/DB. For instance, I log in to see the cookie's value echoed on page for test purposes: Cookie: f17ed3e99d9a3d3a2408fc732e34c4ee (echoed) So I look in the physical cookie file and in the database and see: df079d5b0d3acbae5d8e5bef6872d968 (??? Different!?) So I relogin and see on screen: Cookie: df079d5b0d3acbae5d8e5bef6872d968 (echoed) (The same that was in the database a previous login ago!) But now the cookie and database are set to: e188beccef95c759d44ed4a9f34ea0c7 So why is the $_COOKIE var one step behind and is not showing what's actually in the physical cookie/DB?? I'm so stumped. I've gone through my code SO many times to check for possible errors.... nothing. What's going on? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted March 14, 2008 Share Posted March 14, 2008 Cookies are only sent from the browser to the server when a page is requested. As the php manual states - Cookies will not become visible until the next loading of a page that the cookie should be visible for. To test if a cookie was successfully set, check for the cookie on a next loading page before the cookie expires Quote Link to comment Share on other sites More sharing options...
cshoffie Posted March 14, 2008 Author Share Posted March 14, 2008 Ah thanks man, I appreciate it! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.