Cookie is killing me

dyluck
Forum Commoner
Posts: 54
Joined: Thu Jun 26, 2008 1:44 pm

Post by dyluck »

Hi. I hope someone can help me... this is really obscure.
I wrote a login script which works perfectly fine in Firefox and did work in Explorer... all of a sudden, out of the blue, it doesn't work in Explorer...

here is the code, do you guys see anything wrong with this?

Code:

$randomnumber = md5($rannum);
$time = 30 + time();
$domain = '.mydomain.com';   
setcookie("MydomainVar", $randomnumber, $time, "/", $domain);

I have tried (in case the time syntax was wrong for some reason):

Code:

$randomnumber = md5($rannum);
$time = time()+30;
$domain = '.mydomain.com';   
setcookie("MydomainVar", $randomnumber, $time, "/", $domain);

Still doesn't work...

Now if I set the cookie to the following, it works.

Code:

$randomnumber = md5($rannum);
$domain = '.mydomain.com';   
setcookie("MydomainVar", $randomnumber, 0, "/", $domain);

This is only for a login script so I want the cookie to expire within 30 seconds.

What am I doing wrong? The key is that it works in firefox and it did work in explorer.

Thanks for your help!!
dyluck
Forum Commoner
Posts: 54
Joined: Thu Jun 26, 2008 1:44 pm

Re: Cookie is killing me

Post by dyluck »

oh ya... here is a real kicker... this one works on my index page just fine..

$Month = 2592000 + time();
$rid = $_GET['rid'];
setcookie('CookieRef', $rid, $Month);

I want to stab myself in the eyeball! :banghead:
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Re: Cookie is killing me

Post by Zoxive »

Is there a reason you can't use Sessions?

I think it's just a lot easier, and you can store a lot more information quickly. And it's not stored on the client's computer, it's stored on the server's file system. (By default)

Code:

session_start(); // top of every page accessing session data.

$_SESSION['myvar'] = 'HI';

// Different page
session_start(); // top of page

echo $_SESSION['myvar']; // echoes HI

dyluck
Forum Commoner
Posts: 54
Joined: Thu Jun 26, 2008 1:44 pm

Re: Cookie is killing me

Post by dyluck »

Yeah I actually have sessions also. This is a login script so there are a few safeguards.
I have a session storing the username and a super hashed password. The cookie stores a hashed random variable which is saved to a database. The session variable is also saved to the database.

Am I able to create a session that only lasts 15-30 seconds? Why is it that a cookie with a longer expiry works and one with a short expiry doesn't?
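
Added example (not part of any post in this thread, and not the poster's code): one way to get a login token that is only good for 30 seconds is to enforce the limit on the server, against a hashed random token stored server-side, instead of relying on the cookie's expiry. The function names, the array standing in for the database table and the constructed timestamp are assumptions; the cookie name and domain are the ones from the first post.

```php
<?php
// Added example. Function names and the array-backed store are hypothetical.
const LOGIN_TOKEN_TTL = 30; // seconds the login step may take

// Create a random token and record only its hash with a server-side deadline.
function issue_login_token(array &$store, int $now): string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG output, 64 hex characters
    $store[hash('sha256', $token)] = $now + LOGIN_TOKEN_TTL;
    return $token;
}

// Send the token as a session cookie (expires = 0, the form that worked in
// the first post), so no browser-side expiry handling is involved.
function send_login_cookie(string $token): bool
{
    return setcookie('MydomainVar', $token, [
        'expires'  => 0,
        'path'     => '/',
        'domain'   => '.mydomain.com',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Accept a token once, and only before the server-side deadline.
function redeem_login_token(array &$store, string $token, int $now): bool
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return false; // unknown token, or one that was already redeemed
    }
    $deadline = $store[$key];
    unset($store[$key]); // single use: remove it whether or not it is fresh
    return $now <= $deadline;
}

// Constructed demo data: $store stands in for the database table.
$store = [];
$t0 = 1700000000; // constructed timestamp
$token = issue_login_token($store, $t0);
var_dump(redeem_login_token($store, $token, $t0 + 10)); // inside the window
var_dump(redeem_login_token($store, $token, $t0 + 11)); // second use
$late = issue_login_token($store, $t0);
var_dump(redeem_login_token($store, $late, $t0 + 31));  // past the deadline
```

The array form of `setcookie()` options requires PHP 7.3 or later.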
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Re: Cookie is killing me

Post by Zoxive »

Oh, I didn't realize it was for such a short cookie. I'm pretty sure the smallest Firefox will set is 60 seconds. IE 7, I believe, is 120 seconds. Why such a short length?
dyluck
Forum Commoner
Posts: 54
Joined: Thu Jun 26, 2008 1:44 pm

Re: Cookie is killing me

Post by dyluck »

It's probably a redundant step but I just want a cookie active long enough to login.
I do have a few other precautions but I basically am trying to dupe cookie hijackers. The login and the actual protected pages require different authentication methods and a different cookie which will hopefully confuse hackers or at least smurf them off. I have a completely different hash and different authentication method while browsing protected pages. Basically it ensures that someone HAS to go through the login sequence before they can access internal pages. I am just doing mysql anti injection measures right now too...
It's sad that we have to do so many security measures... Imagine an internet without having to lock the door? LOL

Ok I am going to try 120 seconds to see what happens. I think 120 seconds is good and then I will kill the cookie once they are logged in. That way if the cookie doesn't get killed then it will commit suicide after 120 seconds :P
dyluck
Forum Commoner
Posts: 54
Joined: Thu Jun 26, 2008 1:44 pm

Re: Cookie is killing me

Post by dyluck »

Well ok, so it was the compatibility of Explorer and minimum cookie expiry time.
Firefox can handle 30 second cookies no problem.
Explorer was 4 minutes.... I tried 120 seconds then 180; it wasn't until I tried 240 seconds that it worked!

Thanks for your help!!!!!
My issue is resolved. :drunk:
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Cookie is killing me

Post by John Cartwright »

security through obscurity is not security at all