Page 1 of 1

cookie problem

Posted: Fri Nov 09, 2007 9:13 am
by itsmani1
Here is my code for cookie

Code: Select all

setcookie("cookname", $_POST["login"], time()+60*60*24*100, "ideas/");
			setcookie("cookpass", $_POST["pass"], time()+60*60*24*100, "ideas/");
			
			echo $_COOKIE['cookname'];
			exit;
Here is error:
Notice: Undefined index: cookname in C:\wamp\www\ideas\login.php on line 27

any idea?

thanks

Posted: Fri Nov 09, 2007 9:19 am
by seppo0010
The cookie won´t be set on $_COOKIE until the user submits in, on the next HTTP request...

The $_COOKIE array is created when the script starts, it is not modified on the run by setcookie function

Posted: Fri Nov 09, 2007 10:13 am
by itsmani1
sorry did not get what you mean, can you please explain it and possibly give solution?

Posted: Fri Nov 09, 2007 11:56 am
by Zoxive
itsmani1 wrote:sorry did not get what you mean, can you please explain it and possibly give solution?
He means exactly what he said. Cookies are not created until the Next Refresh/Page load.

And alternate solution is Sessions.


Setting User Passwords in Cookies are never a good idea, ever.

Posted: Fri Nov 09, 2007 12:06 pm
by John Cartwright
Why are you storing the password in a cookie? Big no no

Posted: Sun Nov 11, 2007 7:04 am
by itsmani1
well i was doing this because i want to implement remember me system on login
is there any better way?

thank you
dizyn

Posted: Sun Nov 11, 2007 8:36 am
by John Cartwright
The simplest way is to create some kind of key and store this in the users table, then compare the key with the one in the cookie. We have talked about this many times before, have you looked at any of the previous threads?

Posted: Sun Nov 11, 2007 11:01 am
by phpBuddy
Jcart wrote:The simplest way is to create some kind of key and store this in the users table,
then compare the key with the one in the cookie.
We have talked about this many times before,
have you looked at any of the previous threads?
I have also seen the use of a special table
where userid and several cookiedata are stored.
This table is used for some security matching testing. A special key called 'serial' is checked/updated each visit.
To prevent use of 'stolen cookie', 'cookie theft'.

Here is the article:
Improved Persistent Login Cookie Best Practice
http://jaspan.com/improved_persistent_login_cookie_best_practice
I have also seen a PHP Web application that use an implemention of this way refering to article.
But cant remember which one it is.

Now cookie theft does not happen too often.
And for a normal website we may do well with some less complicated cookie controls.