not able to unset cookie on https page

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Locked
abhi426
Forum Newbie
Posts: 2
Joined: Sat Sep 18, 2010 3:39 am

not able to unset cookie on https page

Post by abhi426 »

Hi All

I've been trying this over a week and its driving me crazy. I have a login page on https and rest of the website on normal http. I set the cookie of username and password on the login page.


setcookie("Remember_Cookies[username]", $txtusername, $time + 2592000); // Sets the cookie username for one month
setcookie("Remember_Cookies[password]", $txtpassword, $time + 2592000); // Sets the cookie password for one month

and then on index.php page, I unset it when user clicks on logout button.

if(!empty($logout))
{
$_SESSION['USER'] = "";
$_SESSION = "";
@session_destroy();

if(isset($_COOKIE['Remember_Cookies'])) // If the cookie 'Remember_Cookies is set, do the following;
{
$time = time();
setcookie("Remember_Cookies[username]",'', $time - 2592000);
setcookie("Remember_Cookies[password]",'', $time - 2592000);
}

THE PROBLEM IS that after I click on logout it is able to unset it on all the http pagesbut when I go on the login page, this cookie is set there and shows me the value. I'm NOT able to unset it on the login page ( i guess because thats a https) . please advice. i'm tried everything but its not working.

Thanks in advance.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: not able to unset cookie on https page

Post by Benjamin »

:arrow: Double Post = Locked
Locked