
Detecting cookie problem

Posted: Wed Nov 24, 2004 10:54 pm
by Wldrumstcs
Ok, I am using a script to detect a cookie set by the Login page. Here is the code:

Code:

<?php
IF($_COOKIE[username] == "" AND $_COOKIE[password] == "") {
    $nav = "";
    $welcome = "You are not logged in.  <a href='http://www.***.com/login.php'>Click here to login.</a>";
}ELSEIF($_COOKIE[username] != "" AND $_COOKIE[password] != ""){
    $nav = " | <a href='admin.php'>Admin</a>";
    $welcome = "Welcome $_COOKIE[username].  <a href='logout.php'>Click here to logout.</a>";
}
?>
The problem is that after I login and set the cookies and then close the window, the code will not pick up on the detected cookie after opening it again in a new window. The cookies still exist, but for some reason it won't do anything until I go back to the login page which DOES pick up on the cookies and redirects me saying that "I'm already logged in." Where is the error? After I am redirected, the above code DOES detect the cookies. Where is the problem?

Posted: Wed Nov 24, 2004 11:00 pm
by josh
for one thing $_COOKIE[username] should be $_COOKIE['username']

Posted: Wed Nov 24, 2004 11:07 pm
by Wldrumstcs
I've used the $_COOKIE function without the quotes and it has worked fine. It doesn't change the effects of the above code.

Posted: Thu Nov 25, 2004 4:48 pm
by Wldrumstcs
*BUMP*

Posted: Thu Nov 25, 2004 5:07 pm
by josh
hmmm
Yeah I guess you could use it without quotes but it's "bad practice"...

did you try debugging?
at the beginning of all your scripts add print_r($_COOKIE);

Posted: Thu Nov 25, 2004 5:57 pm
by rehfeld
You need to set an expires time on the cookie.

I'm betting you aren't doing this, in which case the browser only holds onto the cookie until the browser is closed, also known as a session cookie.

Code:

$expires = time() + 86400; // 1 day
setcookie('name', 'value', $expires);

But your login system is flawed. All you do is check for the existence of cookies; you don't actually verify they should be logged in.

All someone has to do is manually add their own cookies to their browser and they are now "logged in".

But if your site doesn't really need security, it doesn't really matter.
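
[Added example, not part of the original thread or any poster's code.] One way to make the cookie verifiable, as the post above asks for, is to sign it on the server with an HMAC and check the signature and expiry on every page, so a cookie typed into the browser by hand is rejected. SECRET_KEY, the function names and the sample cookie values are assumptions made for this illustration.

```php
<?php
// Hypothetical server-side secret; a placeholder, never sent to the browser.
const SECRET_KEY = 'replace-with-long-random-value-kept-on-the-server';

// Called once, after the password has been checked against the user store.
// Produces "username|expiry|mac"; no password is ever put in the cookie.
function make_auth_token(string $username, int $ttl, int $now): string
{
    $payload = rawurlencode($username) . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Returns the username if the token is authentic and unexpired, else null.
function verify_auth_token(string $token, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;                       // wrong shape, e.g. a bare username
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;                       // forged or modified
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;                       // expired
    }
    return rawurldecode($user);
}

// Constructed sample cookies, checked offline.
$now = time();
$samples = [
    'issued by server' => make_auth_token('alice', 86400, $now),
    'hand-typed'       => 'admin',
    'forged signature' => 'admin|' . ($now + 86400) . '|' . str_repeat('0', 64),
    'expired'          => make_auth_token('alice', 86400, $now - 172800),
];
foreach ($samples as $label => $cookie) {
    $user = verify_auth_token($cookie, $now);
    echo $label . ': ' . ($user === null ? 'rejected' : "accepted as $user") . "\n";
}

// In a page (sketch):
//   setcookie('auth', make_auth_token($username, 86400, time()),
//             time() + 86400, '/', '', true, true);   // Secure + HttpOnly
//   $user = verify_auth_token($_COOKIE['auth'] ?? '', time());
```

Only the server-issued token is accepted; the other three samples are rejected.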

Posted: Thu Nov 25, 2004 6:04 pm
by Wldrumstcs
I have expiration times on the cookies. As for security, I will have MUCH more security on this site, but only after I get the initial scripts working.

Posted: Thu Nov 25, 2004 6:14 pm
by josh
Is your cookie actually getting set?

On the page where it is not reading the cookie try print_r($_COOKIE)
also try putting javascript into your address bar and hitting enter

Code:

javascript:alert(document.cookie);