cookie not destroyed in IE but it is in Mozilla Firefox


Post by kryles

Hi,

I created a login that allows a user to set a cookie. Then when they log out it destroys the cookie (and session variables). I also have a profile page that checks if the cookie is set; if not, you get an error message saying you aren't logged in, and if it is, it displays profile info.

I've done the following, which gives different results in IE and Mozilla.

1) Log in and choose remember (cookie is set).
2) Log out.
3) Go to profile page.

Mozilla gives an error message (as it should) and IE displays the user's profile (gah!). I've also manually watched the cookies, and they are destroyed in Mozilla but not IE 6.0.

Code:

/* functions */
 
function checkUserCookie($refreshTo, $refresh)
{
    if(isset($_COOKIE['USER']) && isset($_COOKIE['PASS']))
    {
        /*     Cookie is found, check ID and password
            If both match set SESSION variables
            and continue to Index
                                                    */
 
        $safe_id = mysql_real_escape_string(trim(strip_tags($_COOKIE['USER'])));
        $safe_pass = mysql_real_escape_string(trim(strip_tags($_COOKIE['PASS'])));
 
 
        $query = "    SELECT count(*)
                    FROM Customers
                    WHERE custID = '".$safe_id."' AND custPassword = '".$safe_pass."'";
 
        $result = mysql_query($query);
 
        $count = mysql_result($result,0,0);
 
        if($count == 1)
        {
            $_SESSION['auth'] = true;
            $_SESSION['userID'] = $safe_id;
 
            if($refresh === true)
            {
                header( "Location: ".URL."/".$refreshTo."");
                die();
            }
        }
    }
}
 
 

Code:

/* login */
session_start();
session_cache_limiter('none');
 
if($_GET['action'] == "login")
{
/* ..... validation and setting session variables here ... */
    if(isset($_POST['remember']))
    {
        setcookie("USER",$_SESSION['userID'],time()+(21 * 24 * 60 * 60),'/');
        setcookie("PASS",$password,time()+(21 * 24 * 60 * 60),'/');
    }
}
 

Code:

/* index */
 
session_start();
session_cache_limiter('none');
 
if($_GET['action'] == "logout")
{
    setcookie('PASS','$_SESSION["userID"]',time() - 60*60);
    setcookie('USER','',time() - 60*60);
    session_destroy();
    header('Location: url/login.php');
}
 
 

Code:

/* Profile.php */
 
session_start();
session_cache_limiter('none');
 
checkUserCookie("", false);
 

I've omitted code obviously, but any idea why it would work for one and not the other?