I want to create a remember me feature on my website using cookie.
when the user logout i want to destroy all session and cookies.
But the problem is i can't delete existing cookie.
i'am using CodeIgniter 4 framework
i already loaded cookie helper in my BaseController.
i tried this code in my logout controller :
delete_cookie('remember_me_token');
but that doesnt work, and also i tried this one :
set_cookie('remember_me_token', '', - 1209600); // set to minus
and the result is the same, i can't delete the cookie
please help :(
I followed up with a different approach using the setCookie function which was chained using the response and simply set the expiry time to -1.
$this->response->setCookie(['name' => 'token','value' => "" ,'expire' => '-1','domain' => $domain, 'path' => '/'])
Reference : https://codeigniter4.github.io/userguide/outgoing/response.html?highlight=set%20cookie
Related
I use laravel 5.4 framework and I want to delete remember me cookie in laravel. I've tried various ways like Session::flush() $request->session()->flush(); $request->session()->regenerate(true); $this->driver->manage()->deleteAllCookies(); and 'expire_on_close' => true, in config/session.php
$remembercokkie = Auth::guard('administrator');
$cokkie = Cookie::forget($remembercokkie);
return redirect('/')->withCookie($cookie);
but nothing happen still the user log in.
How do I fix this ?
To destroy a cookie, set it with a negative value for $minutes (the third argument).
return redirect('/')->withCookie(cookie('cookie_name', '', -1));
Source: http://coursesweb.net/laravel/cookies
In my Cakephp application, i have a session cookie with the name 'my_cookie' and it contains some random value 'QSD5111AS552DNJK'.
I observed that the value is same for the cookie (Before login and After login also). If i want to change the cookie value after login, what are the steps i have to follow.
And my code in core.php file
Configure::write('Session', array(
'defaults' => 'php',
'cookie' => 'my_cookie',
'timeout' => 4000
));
Please help me in this issue for getting more clarification.
I guess what you want to do is prevent session fixation, in that case it should be noted that CakePHP already does this for you out of the box. When using the authentication component, the session is being renewed before the authenticated user data is being written to it, and after the user data is being deleted on logout.
See
Source > AuthComponent::login()
Source > AuthComponent::logout()
For the sake of completeness, you can always renew the session manually, either via the session component in case you are in a controller
$this->Session->renew();
or by using the CakeSession class directly
App::uses('CakeSession', 'Model/Datasource');
CakeSession::renew();
I am facing some trouble with a conditional statement that uses cookies in PHP.
I would like to change the state of an image based on whether a cookie is set or not. Here is my code (in file MAIN.PHP):
$cookie = "d_content_vote_".$databaseArray['id'];
if(!isset($_COOKIE[$cookie])) {
// display image 1 if cookie is not set
}
else {
// display image 2 if cookie is set
}
The cookie value (of the timestamp) is set in ../INCLUDES/RATING.PHP, and I make an ajax call to that file. In order to debug, I did a print_r($_COOKIE) in RATING.PHP which gave me this:
Array
(
[d_content_vote_1] => 1402726678
[d_content_vote_4] => 1402727148
[PHPSESSID] => effa8778efbe1b3dfb5bb301e359997d
)
However, when I do a print_r($_COOKIE) in MAIN.PHP I do not get the d_content_vote_* cookies, only the session info.
How do I transfer the cookie that is set in rating.php so that I can use it in main.php. I have never faced this problem before.
[Additional info: I'm building the site on a MAMP server now]
I realised that my cookie was being set and the print_r was done in a file in a subdirectory (/includes) and therefore cannot be used in the root directory. In order to make it work in the root directory, I needed to add another attribute to the function:
setcookie($name, $value, $time, "/");
The last parameter "/" ensures that the cookie can be used in the root directory.
What about the cookie remove when a user make the log-out process? In case we use 4 parameters when setting the cookie, do we need to adopt the 4 parameters both in the log-out process?
setcookie($NomeCookieLogOut, "", time()-3600);
OR
setcookie($NomeCookieLogOut, "", time()-3600, "/");
I submit form to controller/complete action, set
$this->session->set_userdata('success', 3);
and then redirect to index action with redirect('controller', 'refresh');.
In my view I get
$success = $this->session->userdata('success');
do some work and then
$this->session->set_userdata('success', 0);
And it works fine, but when I reload page (it is an index action), I still get in $success 3, not 0. What am I missing?
I have seen many problems with codeigniter DB Session, and thus refuse to use it, to include the session not actually properly updating.
If you are interested I created a PHP Session based class that acts as a replacement, it benefits from backward compatability, but also a much easier way of using it.
Check out my Gist: https://gist.github.com/chazmead/1688becbcf11f897e962
To install you will need to replace the CI Session config in application/config/config.php to:
$config['session'] = (object)array(
'UID' => 'MY_SESSION_KEY',
'sess_expiration' => 7200,
'match_ip' => False,
'match_user_agent' => False
);
Then install the file to application/models/session.php
then instead of loading the CI session, just load this session model.
Using this is very easy, just assign variables to the session and it saves automatically, it also locks and unlocks the session so that async requests don't get locked up (which is a problem with PHP sessions)
For full backward compatability you may need to use $this->session = &$this->Session after loading the new model, otherwise you will have to make sure your calling session using Session (Uppercase S) as this is how CI models work. or install as a library instead..
The codeigniter by default managing session in COOKIE, more info
why the cookie value is not updated at once when i submit the form?
CI also provides setting to store session data in database table, if you store session in table this would work fine.
http://ellislab.com/codeigniter/user-guide/libraries/sessions.html
Recently i have made three Cake Apps and all three share this problem. The config is mostly stock and i use this as the session options.
Configure::write('Session', array(
'defaults' => 'php',
'cookie' => 'test'
));
After lots of googling everyone just suggests that the security level is too high, but i have never changed this value, it's:
Configure::write('Security.level', 'medium');
Edit: I have also tried with low security and no change.
I am only using basic auth to check if the user is logged in or not.
After logging in the cookie is set to expire three hours later and the expire date doesn't update until I log in again, is this normal?
I cant seem to replicate the problem at all, sometimes I will log in and the very next click will log me out again and other times it will last a while.
I am using Chrome on Windows 7 and there is no AJAX on the website.
Any ideas? Thanks.
Are you using Ajax. Is the problem only happening in IE?
IE uses a different Browser Agent string for Ajax calls to the browser itself. For extra security, Cake checks the browser agent and, in the case of IE, thinks another browser is trying to hijack the session as the agent is different.
You can disable this check with:
Configure::write('Session.checkAgent', false);
After running into the same problem I've found that this was caused by the Session.cookieTimeout value. Although the php session was still valid, the expiration date on the session cookie does not get refreshed.
This is now my session config
Configure::write('Session', array(
'defaults' => 'php',
'timeout' => 30, // The session will timeout after 30 minutes of inactivity
'cookieTimeout' => 1440, // The session cookie will live for at most 24 hours, this does not effect session timeouts
'checkAgent' => false,
'autoRegenerate' => true, // causes the session expiration time to reset on each page load
));
the problem is with sessions:
First check ur 'phpinfo();'
check if the sessions are file based.
if yes, go through the process.
create a new script file(php) which contains only this code:<?php var_dump(session_save_path());?>
run it if you get null or empty string then go for this process:
first create a directory in your root folder name it 'xyz' or whatever u want.
make it writable i.e. chmod 777.
go to the script where you start sessions and before starting the sessions change your session_save_path to the newly created directory. i.e.: session_save_path('pathToxyz');
and then you r done.
if in case the sessions are set as memory: no configuration is required. they just use system memory. in that case you would never have got in to this problem.
You are not the only one having issues with CakePHP sessions on Chrome browser.
Pixelastic fellow coder suggests the following fix, quote :
Just create file named session_custom.php in app/config/, drop the following lines in it:
// Killing this config that was causing so much trouble with Chrome
ini_set('session.referer_check', '');
// No session id in url
ini_set('session.use_trans_sid', 0);
// Using custom cookie name instead of PHPSESSID
ini_set('session.name', Configure::read('Session.cookie'));
// Cookie like time, depending on security level
ini_set('session.cookie_lifetime', $this->cookieLifeTime);
// Cookie path
ini_set('session.cookie_path', $this->path);
Then set Configure::write('Session.save', 'session_custom'); in your core.php file.