I can't get a php cookie to expire

PMWD

PMWD

PMWD

Associate
Joined
8 Aug 2008
Posts
302
Setting the values with:

Code: 
$plus = 60*60*24*180;
$future = time() + $plus;
setcookie("username", "$username", $future);
setcookie("password", "$password", $future);

and trying to remove them

Code: 
$past = time() - 3600;
setcookie("username", "", $past);
setcookie("password", "", $past);

but they're being retained? I can output the correct values from the cookie that have supposed to have been expired and it's doing my head in!

Thanks
 
Don't forget that it doesn't take effect until the next page load. So if you do the setcookie call of say setcookie('username', '', -3000); $_COOKIE['username'] will still contain it's original value within that instance. Only on a subsequent browser page load will it not exist.

Think of it as an instruction to the browser, when the script finishes executing one of the headers it sends tells the browser to update it's stored cookie, the currently executing instance still has the values that it received from the browser for that request.
 
Yeah it's still having none of it. I've put it on a separate page but it just will not can the damn thing!
 
Hi Marc

I've tried both, a header redirect and also a 'logout' page load with the new cookie settings at the top. A link on the logout page back to the login page should bring up the form, but it always acts like it's already logged in.

Here's my code

PHP: 
// Session is started by a separate file here

if(isset($_GET["page"]) && $_GET["page"] == "logout")
{
     // The user has gone to the logout page
     // Expire the cookie and give them the option to navigate to log back in
        $minus = 60*60*24*180;
	$past = time() - 3600;
	setcookie("username", "", $past);
	setcookie("password", "", $past);
	
	$_SESSION = array();	
	if(isset($_COOKIE[session_name()]))
        { setcookie(session_name(), '', time()-42000); }
	session_destroy();
}// if(isset($_GET["page"]) && $_GET["page"] == "logout")
elseif(isset($_COOKIE["username"]) && isset($_COOKIE["password"]))
{
        // On arrival to each page, check the cookie against the DB for access
	$username = addslashes($_COOKIE["username"]);
	$password = addslashes($_COOKIE["password"]);
	$query = "SELECT user_active, user_first_name, user_surname, manager_id FROM ca_users WHERE user_email='$username' AND user_password='$password' LIMIT 1";
	$result = mysql_query($query) or die(mysql_error());
	$nor = mysql_num_rows($result);
	if($nor > 0)
	{
		$ua = mysql_result($result,0,0);
		$ufn = mysql_result($result,0,1);
		$us = mysql_result($result,0,2);
		$cmi = mysql_result($result,0,3);
		if($ua == 1)
		{
			$access = 1;
		}// if($ua == 1)
	}// if($nor > 0)
}// if(isset($_COOKIE["username"]) && isset($_COOKIE["password"]))
elseif(isset($_POST["login"]))
{
	$username = addslashes(trim($_POST["username"]));
	$password = addslashes(trim($_POST["password"]));
	$query = "SELECT user_active FROM ca_users WHERE user_email='$username' AND user_password='$password' LIMIT 1";
	$result = mysql_query($query) or die(mysql_error());
	$nor = mysql_num_rows($result);
	if($nor > 0)
	{
		$ua = mysql_result($result,0,0);
		if($ua == 1)
		{
			$plus = 60*60*24*180;
			$future = time() + $plus;
			setcookie("username", "$username", $future);
			setcookie("password", "$password", $future);
			header("Location: http://www.website.com/customer-area/");
		}// if($ua == 1)
		else
		{
			$em = "Sorry, your account has not yet been activated<br />";
		}// else to if($ua == 1)
	}// if($nor > 0)
	else
	{
		$em = "Sorry, your account was not found on our system, please <a href=\"/customer-area/registration/\">register here</a><br />";
	}// else to if($nor > 0)
}// elseif(isset($_POST["login"]))
 
Woohoo seem to have fixed it, I used

Code: 
setcookie("username", "", $past, "/customer-area/", ".website.com");
setcookie("password", "", $past, "/customer-area/", ".website.com");

and it seems to have done the trick!
 
You must log in or register to reply here.
Back
Top Bottom