I have the following PHP script:
foreach( $_COOKIE as $key => $value ) {
if( strpos( $key, 'ticketRecon_ID-' ) === false ) continue;
else {
setcookie( $key, '', time() - 1 );
unset( $_COOKIE[$key] );
}
}
When I run the script, print_r($_COOKIE) shows me the targeted cookies have been deleted and do not exist. Yet the Chrome dev tool inspector shows the cookies are still present (see screen shot below) And when I return to the page where the cookies where created they are still present.
How do you completely delete/erase/destroy a _COOKIE in PHP? Might this have any bearing or relation to the site pages using the SSL protocol?
AMENDED:
Here is how I initially set the cookie:
setcookie( 'ticketRecon_ID-' . $row['reservationID'], 'N', null, '/' );
Solved it.
It seems you must delete a _COOKIE the same exact and identical way you create them. So I was missing the path attribute on my delete setcookie().
Created like this setcookie( 'ticketRecon_ID-' . $row['reservationID'], 'N', null, '/' );
So delete must be like this setcookie( $key, '', time() - 1, '/' );
Hope this post helps someone someday.
Assign it an empty array
$_COOKIE = array();
Related
I am working on WordPress multisite, and I have changed the login functionality. However, it needs the users to delete old cookies before using this functionality I have created. So I am trying to clear the user's cookies by setting a new cookie, custom_wordpress_login_cookie, to know which of the users have old cookies in the browser, as shown in the following code.
add_action('init', 'clear_all_cookies_before_login');
function clear_all_cookies_before_login(){
if( ! isset( $_COOKIE['custom_wordpress_login_cookie'] ) ){
foreach( $_COOKIE as $key => $value ){
setcookie( $key, '', time() - YEAR_IN_SECONDS);
}
setcookie( 'custom_wordpress_login_cookie', 'true',
time() + YEAR_IN_SECONDS, '/', COOKIE_DOMAIN, false, true );
}
}
The new cookie is being set, but the old cookies persist. What could be the issue?
To prevent creation of a second cookie with the same name, pass / as the path argument to setcookie().
And so, you must change this line:
setcookie( $key, '', time() - YEAR_IN_SECONDS);
to:
setcookie( $key, '', time() - YEAR_IN_SECONDS, '/');
Also note that the way you're expiring cookies may not work if the user's system time is configured incorrectly. This is rare*, but does happen. A simpler way to expire cookies is to simply call:
setcookie( $key, '', 1, '/');
*the user would likely run into TLS issues if the webpage is served over HTTPS.
This is not an answer related to how you can clear cookies, but this solution will help you make sure that all the users currently logged into your website will need to login again.
Go in the wp-config.php and reset the secret salt keys. You can generate new ones here: https://api.wordpress.org/secret-key/1.1/salt/ .
That way it will force all of your users to login again and you no longer need to write code to delete the users' cookies.
Try: setcookie( $key, '', time() - 3600, '/', COOKIE_DOMAIN);
According WordPress documentation, it combines the salt keys with the password. The hash function mixes these up and gives a result. After that it stores inside a cookie to "remember" the login process or tracking behavior.
example: That's the reason two different usernames with the same password are successfully identified as different logins.
First you have to make distinct cookies for every user. Let's say custom_wordpress_login_cookie will contain inside a string with the username or any associated encoded string (preferred).
Then you will check if the custom_wordpress_login_cookie exists and contains the appropriate username.
Act accordingly, if found, perform your logic and then delete (unset) the cookie. Else create a new one.
The following code explains the flow...
function clear_all_cookies_before_login() {
// Current Time of visit
$time_now = date('F j, Y g:i a');
// Check a cookie already set
if(isset($_COOKIE['custom_wordpress_login_cookie'])) {
// Found Cookie
function check_visitor() {
// Retrieve information to use for your logic
$lastvisit = $_COOKIE['custom_wordpress_login_cookie'];
$string .= 'Since your last login '. $lastvisit .'. We have a tone of new things!';
// Delete the old cookie so that we can set it again with updated time
unset($_COOKIE['custom_wordpress_login_cookie']);
return $string;
}} else {
// Not found cookie
function check_visitor() {
$string .= 'Welcome to our website! Please login...' ;
return $string;
}
}
add_shortcode('New_Message', 'check_visitor');
// Set new cookie with expiration of 1 Day
setcookie('custom_wordpress_login_cookie', $time_now , time()+86400);
}
you must used first unset
unset( $_COOKIE[$v_username] );
setcookie( $v_username, '', time() - ( 15 * 60 ) );
Once that’s done, we will force the cookie to expire by setting its value variable to a null value (“”) and passing in a timestamp that’s in the past (time() - ( 15 * 60 )).
You are doing absolutely correct but the deletion of the cookie would not work. The above code will only expire the cookie in the current session. You have to destroy the session also if you want to make the old cookie dis-appear. Thus your new code would be like this:
add_action('init', 'clear_all_cookies_before_login');
function clear_all_cookies_before_login(){
if( ! isset( $_COOKIE['custom_wordpress_login_cookie'] ) ){
foreach( $_COOKIE as $key => $value ){
setcookie( $key, '', time() - YEAR_IN_SECONDS);
}
setcookie( 'custom_wordpress_login_cookie', 'true', time() + YEAR_IN_SECONDS, '/', COOKIE_DOMAIN, false, true );
//Destroy the session and re-direct the user to other location
//this will make sure to disappear the old cookie and new cookie
//only will remain
session_destroy();
header("Location:/");
}
}
I am trying to set a cookie as part of a login script but the cookies never seem to set. I've checked the code with copious debug points and the st cookie is called and setcookie responds true but on inspection no cookies exist. I've double checked by using chrome to look at my cookies - there are none there for this app.
The step before this checks for headers already sent so I know that is not the problem.
<?php
// ...
public function set_cookie($cookie,$value,$time=0){
$cookieCONF = core::get()->factory()->get_config('cookie',array('path'=>'/','domain'=>'.'));
core::get()->debug()->log("COOKIE[{$cookie}]", $value, FALSE, 7);
if($time!==0){
$time= time()+$time;
}
if(!is_array($value)){
setcookie($cookie, $value, $time, $cookieCONF['path'], $cookieCONF['domain']);
}else{
foreach($value as $val=>$ue){
core::get()->debug()->log("{$cookie}[{$val}]", $ue, FALSE, 8);
if(setcookie("{$cookie}[{$val}]", $ue, $time, $cookieCONF['path'], $cookieCONF['domain'])){
core::get()->debug()->log('COOKIE RESULT',"SET {$cookie}[{$val}]={$ue}", FALSE, 8);
}else{
core::get()->debug()->log('COOKIE RESULT',"NOPE {$cookie}[{$val}]={$ue}", FALSE, 8);
}
}
}
}
echoing out the values the function being called is:
setcookie("user[k]", "295f<SNIP>98f2", $time, "/~username/folder/", "localhost");
(Except with the path information for the user and folder in actual use).
This is the debug line that shows that setcookie() is returning true (success).
[15] => Array
(
[message] => COOKIE RESULT
[ref] => SET user[k]=295f<SNIP>98f2
)
So unless there is a limit to numeric keys only that I am unaware of I cannot see why these cookies refuse to set.
What have I done wrong?
Edit
Cookies can take non-numeric keys.
Changing the code to
setcookie("user[k]", "295f<SNIP>98f2", $time);
resulted in cookies being set. However, that set to too wide a scope.
Cookies can take non-numeric keys.
Changing the code to:
setcookie("user[k]", "295f<SNIP>98f2", $time);
resulted in cookies being set. Likewise:
setcookie("user[k]", "295f<SNIP>98f2", $time, "/~username/folder/");
was also fine.
It transpires that localhost cannot be explicitly set as domains must have at least two dots.
Cookies on localhost with explicit domain
So the problem here was not the code - it was setting the cookie but the browser was rejecting it.
Thus, setting localhost to null explicitly solved the problem.
public function set_cookie($cookie,$value,$time=0){
$cookieCONF = core::get()->factory()->get_config('cookie',array('path'=>'/','domain'=>'.'));
core::get()->debug()->log("COOKIE[{$cookie}]", $value, FALSE, 7);
if($time!==0){
$time= time()+$time;
}
if($cookieCONF['domain']=='localhost'){
$cookieCONF['domain']=null;
}
if(!is_array($value)){
setcookie($cookie, $value, $time, $cookieCONF['path'], $cookieCONF['domain']);
}else{
foreach($value as $val=>$ue){
core::get()->debug()->log("{$cookie}[{$val}]", $ue, FALSE, 8);
if(setcookie("{$cookie}[{$val}]", $ue, $time, $cookieCONF['path'], $cookieCONF['domain'])){
core::get()->debug()->log('COOKIE RESULT',"SET {$cookie}[{$val}]={$ue}", FALSE, 8);
}else{
core::get()->debug()->log('COOKIE RESULT',"NOPE {$cookie}[{$val}]={$ue}", FALSE, 8);
}
}
}
}
I need to figure out how to unset this cookie. Everything I tried so far has failed.
This is how I am currently unsetting it and it doesn't seem to work.
setcookie("user_id", $user_id, time() - 7200);
This is how I set it:
setcookie("user_id", $user_id, time() + 7200);
I have this function called set_session_from_cookie() that checks if a cookie is set, and if it is set, it starts a new session using the cookie.
The problem is that when I use this on my page I am unable to logout. I assume this is because I am unable to unset the session.
The reason I have this function is if a user wants to be remembered after they end the session, they can restart the session by calling the cookie.
function set_session_from_cookie()
{
if (isset($_SESSION['user_id'])) {
echo '';
} else {
$_SESSION['user_id']=$_COOKIE['user_id'];
}
}
Logout:
<?php
require'core.php';
session_destroy();
setcookie("user_id", "", time() - 7200);
header('Location:/social_learning/site_pages/starter-template.php');
I set my cookie with the following code:
if ($rememberme == "on") {
$user_id = mysql_result($query_run, 0, 'id');
setcookie("user_id", $user_id, time() + 7200);
$_SESSION['user_id'] = $user_id;
redirect('home_page.php');
} else {
if ($rememberme == "") {
echo 'ok';
$user_id = mysql_result($query_run, 0, 'id');
echo $user_id;
$_SESSION['user_id'] = $user_id;
redirect('home_page.php');
}
}
How can I restart the session using the saved cookie without using the function I created? Since the function seems to be causing the user to no longer be able to logout.
Set the cookie's expiration date to a time in the past (like one second after epoch, for example).
setcookie("yourCookie", "yourValue", 1);
This will cause the cookie to expire.
1 is used instead of 0, because 0 sets the cookie to expire at the end of the session.
The solution to this problem was that the I needed to set the correct path to unset the cookie since I was unsetting it from a different file that I originally set it in.
I found out which path I needed to use for the unset by looking for the cookie inside my browser cookies, and once I found the cookie inside my browser, the path was listed near the cookie. So I then set the path to the cookie like so:
setcookie("user_id", $user_id, time() - 1, "/social_learning/site_pages");
The last parameter is the path. And it worked.
My original setcookie looks like this:
setcookie("user_id", $user_id, time() + 7200, "");
There are few security concerns regarding you code, however to answer your question, to unset a cookie in php, all you need to do is to set expiration time to a time in the past:
setcookie("user_id", "", time()-10, "/");
"loginform.php" is not a valid domain, that might be the problem here.
Look at the php manual for information on setcookie
http://php.net/manual/en/function.setcookie.php
These notes should explain the process:
bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )
Cookies must be deleted with the same parameters as they were set
with. If the value argument is an empty string, or FALSE, and all
other arguments match a previous call to setcookie, then the cookie
with the specified name will be deleted from the remote client. This
is internally achieved by setting value to 'deleted' and expiration
time to one year in past.
Because setting a cookie with a value of FALSE will try to delete the
cookie, you should not use boolean values. Instead, use 0 for FALSE
and 1 for TRUE.
use this code
setcookie("CookieName", "", time()-(60*60*24), "/");
works everytime for me in every website
In php manual, you can delete a cookie by setting a expiration date is in the past:
setcookie("key","",time()-3600);
In some case, you should provide path and domain for arguments.
In fact, if you assign a cookie with a empty string, it'll also be unset:
setcookie("key","");
I need to figure out how to unset this cookie. Everything I tried so far has failed.
This is how I am currently unsetting it and it doesn't seem to work.
setcookie("user_id", $user_id, time() - 7200);
This is how I set it:
setcookie("user_id", $user_id, time() + 7200);
I have this function called set_session_from_cookie() that checks if a cookie is set, and if it is set, it starts a new session using the cookie.
The problem is that when I use this on my page I am unable to logout. I assume this is because I am unable to unset the session.
The reason I have this function is if a user wants to be remembered after they end the session, they can restart the session by calling the cookie.
function set_session_from_cookie()
{
if (isset($_SESSION['user_id'])) {
echo '';
} else {
$_SESSION['user_id']=$_COOKIE['user_id'];
}
}
Logout:
<?php
require'core.php';
session_destroy();
setcookie("user_id", "", time() - 7200);
header('Location:/social_learning/site_pages/starter-template.php');
I set my cookie with the following code:
if ($rememberme == "on") {
$user_id = mysql_result($query_run, 0, 'id');
setcookie("user_id", $user_id, time() + 7200);
$_SESSION['user_id'] = $user_id;
redirect('home_page.php');
} else {
if ($rememberme == "") {
echo 'ok';
$user_id = mysql_result($query_run, 0, 'id');
echo $user_id;
$_SESSION['user_id'] = $user_id;
redirect('home_page.php');
}
}
How can I restart the session using the saved cookie without using the function I created? Since the function seems to be causing the user to no longer be able to logout.
Set the cookie's expiration date to a time in the past (like one second after epoch, for example).
setcookie("yourCookie", "yourValue", 1);
This will cause the cookie to expire.
1 is used instead of 0, because 0 sets the cookie to expire at the end of the session.
The solution to this problem was that the I needed to set the correct path to unset the cookie since I was unsetting it from a different file that I originally set it in.
I found out which path I needed to use for the unset by looking for the cookie inside my browser cookies, and once I found the cookie inside my browser, the path was listed near the cookie. So I then set the path to the cookie like so:
setcookie("user_id", $user_id, time() - 1, "/social_learning/site_pages");
The last parameter is the path. And it worked.
My original setcookie looks like this:
setcookie("user_id", $user_id, time() + 7200, "");
There are few security concerns regarding you code, however to answer your question, to unset a cookie in php, all you need to do is to set expiration time to a time in the past:
setcookie("user_id", "", time()-10, "/");
"loginform.php" is not a valid domain, that might be the problem here.
Look at the php manual for information on setcookie
http://php.net/manual/en/function.setcookie.php
These notes should explain the process:
bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )
Cookies must be deleted with the same parameters as they were set
with. If the value argument is an empty string, or FALSE, and all
other arguments match a previous call to setcookie, then the cookie
with the specified name will be deleted from the remote client. This
is internally achieved by setting value to 'deleted' and expiration
time to one year in past.
Because setting a cookie with a value of FALSE will try to delete the
cookie, you should not use boolean values. Instead, use 0 for FALSE
and 1 for TRUE.
use this code
setcookie("CookieName", "", time()-(60*60*24), "/");
works everytime for me in every website
In php manual, you can delete a cookie by setting a expiration date is in the past:
setcookie("key","",time()-3600);
In some case, you should provide path and domain for arguments.
In fact, if you assign a cookie with a empty string, it'll also be unset:
setcookie("key","");
The cookie which i set in codeigniter gets deleted after i restart the browser. I'm setting up a cookie like:
$test_cookie = array(
'name'=>'test',
'value'=> 'test',
'expire'=> time() + 60*60*24*14
);
$this->input->set_cookie($test_cookie);
The print_r($test_cookie) returns:
Array ( [name] => test [value] => test [expire] => 1309943188 )
Now i can print the cookie to make sure that the cookie is set:
$test_cookie= $this->input->cookie('test');
echo "<b> Cookie value: </b>". $test_cookie;
The cookie prints the value correctly.
However, if i restart the browser, i don't get the cookie value anymore. I've tried multiple browsers. With the var_dump, i get: bool(false)
Why the cookie is getting deleted when browser restarts?
Thanks.
The CodeIgniter documentation says the expires value is added to the current time. So effectively the expires value in your case is time() + time() + 60*60*24*14. This may be beyond the 32 Bit integer limit and turn into a negative value. This in turn will result in a temporary cookie that's deleted upon closing the browser.
$test_cookie = array(
'name'=>'test',
'value'=> 'test',
'expire'=> 60*60*24*14
);
should work. I think.