I use laravel 5.4 framework and I want to delete remember me cookie in laravel. I've tried various ways like Session::flush() $request->session()->flush(); $request->session()->regenerate(true); $this->driver->manage()->deleteAllCookies(); and 'expire_on_close' => true, in config/session.php
$remembercokkie = Auth::guard('administrator');
$cokkie = Cookie::forget($remembercokkie);
return redirect('/')->withCookie($cookie);
but nothing happen still the user log in.
How do I fix this ?
To destroy a cookie, set it with a negative value for $minutes (the third argument).
return redirect('/')->withCookie(cookie('cookie_name', '', -1));
Source: http://coursesweb.net/laravel/cookies
Related
I want to create a remember me feature on my website using cookie.
when the user logout i want to destroy all session and cookies.
But the problem is i can't delete existing cookie.
i'am using CodeIgniter 4 framework
i already loaded cookie helper in my BaseController.
i tried this code in my logout controller :
delete_cookie('remember_me_token');
but that doesnt work, and also i tried this one :
set_cookie('remember_me_token', '', - 1209600); // set to minus
and the result is the same, i can't delete the cookie
please help :(
I followed up with a different approach using the setCookie function which was chained using the response and simply set the expiry time to -1.
$this->response->setCookie(['name' => 'token','value' => "" ,'expire' => '-1','domain' => $domain, 'path' => '/'])
Reference : https://codeigniter4.github.io/userguide/outgoing/response.html?highlight=set%20cookie
My Codeigniter's sessions used the default value
$config['cookie_domain'] = "";
But now I need to be able to use CodeIgniter's sessions from domain.com on
subdomain1.domain.com
subdomain2.domain.com
So I saw in the codeigniter manual that you can set
$config['cookie_domain'] = ".domain.com";
And the extra dot will make all the ci_sessions shared by the domain and subdomains. This works perfect!
However, it is impossible to log back in the system after changing cookie_domain from "" to ".domain.com" unless I manually delete the cookie ci_session in the chrome settings.
I can't ask all the users to delete their cookies so I need to find a way. I tried all of this:
delete_cookie('ci_session');
setcookie('ci_session', '', time()-3600);
$this->session->sess_destroy();
unset($this->session->userdata);
$this->session->unset_userdata( <array with all the session keys> )
foreach ($_COOKIE as $key=>$cookie)
setcookie($key, '', time() - 9999999);
Some useful info maybe, sess_expiration is set to 2 weeks, this is why I tried a huge number in the setcookie function:
$config['sess_expiration'] = 1209600; // 2 weeks
Also, after all these commands to make the cookie expired. Chrome still says that the ci_session cookie expires in 2 weeks. It's as if it was completely oblivious to the function setcookie
Change your current $config[sess_cookie_name] from ci_session - to something else like new_cookie
Then the browser will look for the new_cookie name, which wont exist - and thus force a new cookie on all your users
I submit form to controller/complete action, set
$this->session->set_userdata('success', 3);
and then redirect to index action with redirect('controller', 'refresh');.
In my view I get
$success = $this->session->userdata('success');
do some work and then
$this->session->set_userdata('success', 0);
And it works fine, but when I reload page (it is an index action), I still get in $success 3, not 0. What am I missing?
I have seen many problems with codeigniter DB Session, and thus refuse to use it, to include the session not actually properly updating.
If you are interested I created a PHP Session based class that acts as a replacement, it benefits from backward compatability, but also a much easier way of using it.
Check out my Gist: https://gist.github.com/chazmead/1688becbcf11f897e962
To install you will need to replace the CI Session config in application/config/config.php to:
$config['session'] = (object)array(
'UID' => 'MY_SESSION_KEY',
'sess_expiration' => 7200,
'match_ip' => False,
'match_user_agent' => False
);
Then install the file to application/models/session.php
then instead of loading the CI session, just load this session model.
Using this is very easy, just assign variables to the session and it saves automatically, it also locks and unlocks the session so that async requests don't get locked up (which is a problem with PHP sessions)
For full backward compatability you may need to use $this->session = &$this->Session after loading the new model, otherwise you will have to make sure your calling session using Session (Uppercase S) as this is how CI models work. or install as a library instead..
The codeigniter by default managing session in COOKIE, more info
why the cookie value is not updated at once when i submit the form?
CI also provides setting to store session data in database table, if you store session in table this would work fine.
http://ellislab.com/codeigniter/user-guide/libraries/sessions.html
EDITED, look at the end
I got a Symfony 1.2 project, that was running on two domains (different app used on each domain) : www.mywebsite.com and abonnement.mywebsite.com
I had two different cookie name/domain in each app.
We decided to use the same cookie for both apps. So, i edited the config for both apps and set the cookie_domain to .mywebsite.com, and setted the cookie_name to mywebsite_cookie in boths apps.
The problem is that when I visit abonnement.mywebsite.com, the old cookie is used. Manually deleting this cookie in my browser fixes the problem, but there are thousands of users on this website and I'm wondering if there's a solution to manually delete this cookie.
I tried :
if (isset($_COOKIE['abonnement_cookie'])) {
ini_set('session.cookie_domain', 'abonnement.mywebsite.com);
setcookie('abonnement_cookie', '', time() - 3600, '/');
$this->redirect('#internet_etape_1');
}
But no success.
Is there a way to do it?
I'm using Firefox 9.0.1
Thanks!
Edit:
I found the problem, cookie was created with "host" and not "domain".
To use the current host, you need to specify '' as domain :
setcookie('abonnement_cookie', 0, time() - 3600, '/', '');
Hope this helps!
You need to match the domain and path that which was used to create the cookie when destroying the cookie. This is because as you have discovered, it is possible to have a cookie with the same name and different scopes for the same domain. When destroying the cookie, you must match the scope that was used to create it, so the client knows which one to destroy.
Try:
setcookie('abonnement_cookie', '', time() - 3600, '/', 'abonnement.mywebsite.com');
OK, I'm stumped, and have been staring at this for hours.
I'm setting a cookie at /access/login.php with the following code:
setcookie('username', $username, time() + 604800, '/');
When I try to logout, which is located at /access/logout.php (and rewritten to /access/logout), the cookie won't seem to unset. I've tried the following:
setcookie('username', false, time()-3600, '/');
setcookie('username', '', time()-3600, '/');
setcookie('username', '', 1, '/');
I've also tried to directly hit /access/logout.php, but it's not working.
Nothing shows up in the php logs.
Any suggestions? I'm not sure if I'm missing something, or what's going on, but it's been hours of staring at this code and trying to debug.
How are you determining if it unset? Keep in mind that setcookie() won't remove it from the $_COOKIE superglobal of the current script, so if you call setcookie() to unset it and then immediatly print_r($_COOKIE);, it will still show up until you refresh the page.
Try pasting javascript:alert(document.cookie); in your browser to verify you don't have multiple cookies saved. Clear all cookies for the domain you're working on to make to sure you're starting fresh. Also ini_set(E_ALL); to make sure you're not missing any notices.
Seems to be a server issue. My last domain was pretty relaxed on PHP error handling while the new domain shows every error. I'm using both sites side by side and the old one removes the cookie as it should.
Is there perhaps a timezone issue here? Have you tried setting using something farther in the past, like time() - (3600*24)? PHP's documentation says that the internal implementation for deleting cookies uses a timestamp of one year in the past.
Also, you should be able to use just setcookie('username', false); without passing an expiration timestamp, since that argument is optional. Maybe including it is confusing PHP somehow?
How you use cookies data in your application?
If you read the cookies and check if username is not false or not '', then setting it to false or '' will be sufficient, since your application will ignore the cookies value.
You better put some security in cookies value, to prevent user change it's value. You can take a look of CodeIgniter session library, see how CI protect the cookies value using hash. Unauthorized value change will detected and the cookies will be deleted.
Also, CI do this to kill the cookies:
// Kill the cookie
setcookie(
$this->cookie_name,
addslashes(serialize(array())),
(time() - 31500000),
$this->cookie_path,
$this->cookie_domain,
0
);
You can delete cookies from javascript as well. Check here http://www.php.net/manual/en/function.setcookie.php#96599
A simple and convenient way, is to use this additional functions:
function getCookie($name) {
if (!isset($_COOKIE[$name])) return false;
if ($_COOKIE[$name]=='null') $_COOKIE[$name]=false;
return $_COOKIE[$name];
}
function removeCookie($name) {
unset($_COOKIE[$name]);
setcookie($name, "null");
}
removing a cookie is simple:
removeCookie('MyCookie');
....
echo getCookie('MyCookie');
I had a similar issue.
I found that, for whatever reason, echoing something out of logout.php made it actually delete the cookie:
echo '{}';
setcookie('username', '', time()-3600, '/');
I had the same issue; I log out (and I'm logged out), manually reload the index.php and then I'm logged in again. Then when I log out, I'm properly logged out.
The log out is a simple link (index.php?task=logout). The task removes the user from the session, and "deletes" (set value '' and set expiry in the past) the cookie, but index.php will read the user's auth token from the cookie just after this (or all) task (as with normal operations). Which will reload the user. After the page is loaded the browser will show no cookie for the auth token. So I suspect the cookie gets written after page finish loading.
My simple solution was to not read the cookie if the task was set to logout.
use sessions for authentication, don't use raw cookies
http://www.php.net/manual/en/book.session.php