cookie not destroyed in IE but it is in Mozilla Firefox
Posted: Mon Apr 07, 2008 11:19 am
Hi,
I created a login that allows a user to set a cookie. Then when they log out it destroys the cookie (and session variables). I also have a profile page that checks if the cookie is set; if not, you get an error message saying you aren't logged in, and if it is, it displays profile info.
I've done the following, which results differently in IE and Mozilla.
1) Log in and choose remember (cookie is set).
2) Log out.
3) Go to profile page.
Mozilla gives an error message (as it should) and IE displays the user's profile (gah!). I've also manually watched the cookies, and they are destroyed in Mozilla but not IE6.0.
Code:
    /* functions */
    function checkUserCookie($refreshTo, $refresh)
    {
        if(isset($_COOKIE['USER']) && isset($_COOKIE['PASS']))
        {
            /* Cookie is found, check ID and password
               If both match set SESSION variables
               and continue to Index
            */
            $safe_id = mysql_real_escape_string(trim(strip_tags($_COOKIE['USER'])));
            $safe_pass = mysql_real_escape_string(trim(strip_tags($_COOKIE['PASS'])));
            $query = " SELECT count(*)
                       FROM Customers
                       WHERE custID = '".$safe_id."' AND custPassword = '".$safe_pass."'";
            $result = mysql_query($query);
            $count = mysql_result($result,0,0);
            if($count == 1)
            {
                $_SESSION['auth'] = true;
                $_SESSION['userID'] = $safe_id;
                if($refresh === true)
                {
                    header( "Location: ".URL."/".$refreshTo."");
                    die();
                }
            }
        }
    }
Code:
    /* login */
    session_start();
    session_cache_limiter('none');
    if($_GET['action'] == "login")
    {
        /* ..... validation and setting session variables here ... */
        if(isset($_POST['remember']))
        {
            setcookie("USER",$_SESSION['userID'],time()+(21 * 24 * 60 * 60),'/');
            setcookie("PASS",$password,time()+(21 * 24 * 60 * 60),'/');
        }
    }
Code:
    /* index */
    session_start();
    session_cache_limiter('none');
    if($_GET['action'] == "logout")
    {
        setcookie('PASS','$_SESSION["userID"]',time() - 60*60);
        setcookie('USER','',time() - 60*60);
        session_destroy();
        header('Location: url/login.php');
    }
Code:
    /* Profile.php */
    session_start();
    session_cache_limiter('none');
    checkUserCookie("", false);
I've omitted code obviously, but any idea why it would work for one and not the other?
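
Added example, not part of the original post: the posted login code sets its cookies with path '/' while the logout code expires them with no path argument, and a browser only overwrites a cookie whose name, domain and path all match. The code below keeps the set and clear attributes in one place and puts a random token in the cookie instead of the password. All names are hypothetical, and it assumes PHP 7.3+ (options-array form of `setcookie`) and a site served over HTTPS.

```php
<?php
// Added example; REMEMBER_COOKIE and the function names are hypothetical.
const REMEMBER_COOKIE = 'REMEMBER';
const REMEMBER_TTL    = 21 * 24 * 60 * 60; // same 21 days as the posted code

// Single source of truth for the cookie attributes, so the cookie that is
// cleared is always the same (name, path) pair as the cookie that was set.
function rememberCookieOptions(int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,   // assumption: HTTPS only
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ];
}

// Issue a random token in the cookie and return its SHA-256 hash.
// The caller stores the hash against the user row; no password in the cookie.
function issueRememberCookie(): string
{
    $token = bin2hex(random_bytes(32));
    setcookie(REMEMBER_COOKIE, $token, rememberCookieOptions(time() + REMEMBER_TTL));
    return hash('sha256', $token);
}

// Check the presented cookie against the stored hash in constant time.
function rememberCookieMatches(?string $storedHash): bool
{
    $token = $_COOKIE[REMEMBER_COOKIE] ?? '';
    return $storedHash !== null && $token !== ''
        && hash_equals($storedHash, hash('sha256', $token));
}

// Log out: expire the cookie with the same attributes it was set with.
// A fixed date far in the past does not depend on the client's clock.
// The caller should also delete the stored token hash for this user.
function logout(): void
{
    setcookie(REMEMBER_COOKIE, '', rememberCookieOptions(1));
    unset($_COOKIE[REMEMBER_COOKIE]); // also gone for the rest of this request
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}
```

Call `logout()` before any output is sent, then send the redirect header and `exit` so nothing further runs for that request.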