Cookies always stay

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Cookies always stay

Post by iknownothing »

Hey Guys, I have the following Code:

Code: Select all

if(isset($_POST['dothelogout'])){
	unset($_SESSION['sessid']);
	unset($_SESSION['hurley']);
	unset($_SESSION['displayname']);
	setcookie("abc", "", time()-3600);
	setcookie("PHPSESSID", "", time()-3600);
	unset($_COOKIE['abc']);
	unset($_COOKIE['PHPSESSID']);
	
}

if (isset($_COOKIE['abc'])){
	$checktheuser = $_COOKIE['abc'];
	$result = mysql_query("SELECT * FROM clientDetails WHERE clientusername = '$checktheuser'");
		while ($row = mysql_fetch_array($result)){
			$theusername = $row['clientusername'];
			$displayname = $row['businessname'];
			$d2 = $row['firstname'];
		}

			$_SESSION['sessid'] = session_id();
			$_SESSION['hurley'] = $theusername;
			$_SESSION['displayname'] = $d2 . " (" . $displayname . ")";
			setcookie("abc", $checktheuser, time()+1209600);
}
The first chunk is the logout script, which appears to working ok, I have $_COOKIE and $_SESSION print_r'd below, and after logout, both the cookie and session arrays are empty. The second chunk, is to establish whether or not the user clicked "remember me" when they logged in, if so, a cookie would have been created. Now, after the logout script has run, if I then go to a new page, all my Session and Cookie data has returned, which can only be possible by the second chunk above, but in order for it to run, $_COOKIE['abc'] has to be set, and I explicitly unset it in the logout script, so can anyone see why this would be happening?

Just tested in Firefox, and it looks to be an IE problem only somehow.


Thanks.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You may want to set the cookie's timestamp a bit farther back than one hour. .... like several months, or at least days.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

feyd wrote:You may want to set the cookie's timestamp a bit farther back than one hour. .... like several months, or at least days.
Or years. Really strange results happens when users have their computer clocks set say, a year in the past. Session data can get set to the value of 'deleted' and so can the cookie related to the session.

This caused me a bit of a hassle a while back when users would randomly get logged in as other users. I found out that those users had one thing in common -- their computer clocks were way off (often the right time, just years in the past), and their session id would be set to 'deleted', thus checking the session id was the same across all of the effected users.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Post by Jonah Bron »

I have a second-to-hours-&-minutes converter here: http://www.nucleussystems.com/blog/web/handy/
click on "Convert'er", to the left.
Post Reply