Detecting cookie problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Wldrumstcs
Forum Commoner
Posts: 98
Joined: Wed Nov 26, 2003 8:41 pm

Detecting cookie problem

Post by Wldrumstcs »

Ok, I am using a script to detect a cookie set by the Login page. Here is the code:

Code: Select all

<?
IF($_COOKIE[username] == "" AND $_COOKIE[password] == "") {
$nav = "";
$welcome = "You are not logged in.  <a href='http://www.***.com/login.php'>Click here to login.</a>";
}ELSEIF($_COOKIE[username] != "" AND $_COOKIE[password] != ""){
 $nav = " | <a href='admin.php'>Admin</a>";
$welcome = "Welcome $_COOKIE[username].  <a href='logout.php'>Click here to logout.</a>";
} 
?>
The problem is that after I login and set the cookies and then close the window, the code will not pick up on the detected cookie after opening it again in a new window. The cookies still exist, but for some reason it won't do anything until I go back to the login page which DOES pick up on the cookies and redirects me saying that "I'm already logged in." Where is the error? After I am redirected, the above code DOES detect the cookies. Where is the problem?
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

for one thing $_COOKIE[username] should be $_COOKIE['username']
Wldrumstcs
Forum Commoner
Posts: 98
Joined: Wed Nov 26, 2003 8:41 pm

Post by Wldrumstcs »

Ive used the $_COOKIE function without the quotes and it has worked fine. It doesn't change the effects of the above code.
Wldrumstcs
Forum Commoner
Posts: 98
Joined: Wed Nov 26, 2003 8:41 pm

Post by Wldrumstcs »

*BUMP*
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

hmmm
Yeah I guess you could use it without quotes but it's "bad practice"...

did you try debugging?
at the begining of all your scripts add print_r($_COOKIE);
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

you need to set an expires time on the cookie.

im betting you your arent doing this, in which case the browser only holds onto the cookie until the browser is cloased, also known as a session cookie.

Code: Select all

$expires = time() + 86400; // 1 day
setcookie('name', 'value', $expires);

but you login system is flawed. all you do is check for the existnce of cookies, you dont actually verfiy they should be logged in.

all someone has to do is manually add thier own cookies to their browser and they are now "logged in"

but if you site doesnt really need security, it doesnt really matter.
Wldrumstcs
Forum Commoner
Posts: 98
Joined: Wed Nov 26, 2003 8:41 pm

Post by Wldrumstcs »

I have expiration times on the cookies. As for security, I will have MUCH more security on this site, but only after I get the intial scripts working.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

Is your cookie actually getting set?

On the page where it is not reading the cookie try print_r($_COOKIE)
also try putting javascript into your address bar and hitting enter

Code: Select all

javascript:alert(document.cookie);
Post Reply