I cant delete cookies ,it works sometimes (How it can be possible?) but if it begin to stick with not deleting bug it never will work again.I used mobile to see this and I cant delete cookie on mobile.
Codes look like this:
setcookie("cookie_name",$value,strtotime('+4year'),"/",null,null,true);
When I delete it I use below:
setcookie("cookie_token",'',strtotime('-4year'),"/",null,null,true);
I use also this to be sure:
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
//databaseden poza bilersen poz ele
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
session_destroy();
$session = isset($_SESSION) ? $_SESSION : '';
Have you tried to use unset function? I mean something like: unset($_COOKIE['cookieName']).
Can Not Delete Session And Cookie
I am new to PHP sessions.
I have used cookies plenty in the past.
I can't seem to get rid of this cookie - no matter what I do!
I seem to be able to clear the session - but the cookie remains.
I have tried all of these: .. and MORE:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
?>
above from: http://php.net/manual/en/function.session-destroy.php
<script>
var cookies = document.cookie.split(";");
for (var i = 0; i < cookies.length; i++)
eraseCookie(cookies[i].split("=")[0]);
</script>
What would be some of the reasons why the cookies does not delete?
This is because of the working of a session in php. What happens is when you start a session a unique string is generated which acts as the cookie value for the session . All the data that you are storing inside the session are stored in a file corresponding to the unique string. Now when you destroy a session it does not destroy the session string but rather than that it destroys the values corresponding to that string that is stored on the server.
So even though the cookies are there but there is no data corresponding to it and hence for the next request the session would effectively be empty.
I'm trying to unset/delete/expire cookies on a logout page. However, it doesn't seem to be working. My logout script reads as follows:
require_once("database.php"); // contains session_start()
$_SESSION = array();
session_destroy();
// attempts to unset cookies go here (see below)
var_dump($_SERVER['HTTP_COOKIE']);
header("Location: ./login.php");
exit();
My three attempts to remove a specific cookie login (or all of them), are as follows:
Attempt 1:
setcookie("login", "", time() -3600, "/");
Attempt 2:
$cookies = explode(";", $_SERVER['HTTP_COOKIE']);
foreach ($cookies as $cookie) {
$parts = explode("=", $cookie);
$name = trim($parts[0]);
setcookie($name, "", time() -3600);
setcookie($name, "", time() -3600, "/");
}
Attempt 3:
unset($_COOKIE);
However my var_dump() still contains the cookies!
Also, the page you're then redirected to, login.php contains the following code:
if (isset($_COOKIE['login'])) {
echo "Still set."
}
and low-and-behold, the page displays Still set.
First of all remove all cookies from any available Cookie tools or your browser's developer tool.
Always write COOKIES as '/' with respect to entire domain of site. Path play an important role when we set/unset cookies. Use
setcookie($cookie_name, "$cookie_value", time() +3600, "/") to set and setcookie($cookie_name, "$cookie_value", time() -360000, "/") to unset COOKIES.
Further read here for about COOKIES path: http://www.w3schools.com/php/func_http_setcookie.asp
Hope it helps you
I'm trying to troubleshoot a logout function for a web app. When you're logged in, the app has several cookies set for its domain. Here's the current logout procedure:
You click a link, which sends you to a logout page
The logout page runs a function that calls session_destroy() and also loops through all the cookies for the domain and sets them to expire in the past (see code below)
The logout page then redirects to a login page, which is straight HTML.
At the end of this process, all the other cookies are unset, but the PHPSESSID cookie is still there, has the same value, and is still set to expire at the end of the session.
What am I missing here?
Here's the logout function I mentioned above:
function log_out_current_user() {
// Destroy the session
if (isset($_SESSION)) {
session_destroy();
}
// Expire all of the user's cookies for this domain:
// give them a blank value and set them to expire
// in the past
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
// Explicitly unset this cookie - shouldn't be redundant,
// but it doesn't hurt to try
setcookie('PHPSESSID', '', time()-1000);
}
}
You are not removing it with the same parameters as it was created. Use session_get_cookie_params to obtain those. To be portable you should get the name of the cookie via session_name. Here's a small script to do that:
$params = session_get_cookie_params();
setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
I'm wondering if I can delete all my website's cookies when a user click on logout, because I used this as function to delete cookies but it isn't work properly:
setcookie("user",false);
Is there a way to delete one domain's cookies in PHP?
PHP setcookie()
Taken from that page, this will unset all of the cookies for your domain:
// unset cookies
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
http://www.php.net/manual/en/function.setcookie.php#73484
$past = time() - 3600;
foreach ( $_COOKIE as $key => $value )
{
setcookie( $key, $value, $past, '/' );
}
Even better is however to remember (or store it somewhere) which cookies are set with your application on a domain and delete all those directly.
That way you can be sure to delete all values correctly.
I agree with some of the above answers. I would just recommend replacing "time()-1000" with "1". A value of "1" means January 1st, 1970, which ensures expiration 100%. Therefore:
setcookie($name, '', 1);
setcookie($name, '', 1, '/');
The provided Answers did not solve my problem,
It did not:
Remove parent domain cookies (from a.b.c; remove b.c; cookies),
Remove cookies from a higher path other then root.
My script does, see.
<?php function unset_cookie($name)
{
$host = $_SERVER['HTTP_HOST'];
$domain = explode(':', $host)[0];
$uri = $_SERVER['REQUEST_URI'];
$uri = rtrim(explode('?', $uri)[0], '/');
if ($uri && !filter_var('file://' . $uri, FILTER_VALIDATE_URL)) {
throw new Exception('invalid uri: ' . $uri);
}
$parts = explode('/', $uri);
$cookiePath = '';
foreach ($parts as $part) {
$cookiePath = '/'.ltrim($cookiePath.'/'.$part, '//');
setcookie($name, '', 1, $cookiePath);
$_domain = $domain;
do {
setcookie($name, '', 1, $cookiePath, $_domain);
} while (strpos($_domain, '.') !== false && $_domain = substr($_domain, 1 + strpos($_domain, '.')));
}
}
It is not the most pretty/safe/optimal solution, so use this only if you do not known the cookie-path and/or cookie-domain's. Or use the idea in order to create your version.
make sure you call your setcookie function before any output happens on your site.
also, if your users are logging out, you should also delete/invalidate their session variables.
When you change the name of your Cookies, you may also want to delete all Cookies but preserve one:
if (isset($_COOKIE)) {
foreach($_COOKIE as $name => $value) {
if ($name != "preservecookie") // Name of the cookie you want to preserve
{
setcookie($name, '', 1); // Better use 1 to avoid time problems, like timezones
setcookie($name, '', 1, '/');
}
}
}
Also based on this PHP-Answer
You should be aware of various tracking tools like Google Analytics also use cookies on your domain and you don't want to delete them, if you want to have correct data in GA.
The only solution I could get working was to set the existing cookies to null. I couldn't delete the cookies from the client.
So for logging a user out I use the following:
setcookie("username", null, time()+$this->seconds, "/", $this->domain, 0);
setcookie("password", null, time()+$this->seconds, "/", $this->domain, 0);
Of course this doesn't delete ALL cookies.
All previous answers have overlooked that the setcookie could have been used with an explicit domain. Furthermore, the cookie might have been set on a higher subdomain, e.g. if you were on a foo.bar.tar.com domain, there might be a cookie set on tar.com. Therefore, you want to unset cookies for all domains that might have dropped the cookie:
$host = explode('.', $_SERVER['HTTP_HOST']);
while ($host) {
$domain = '.' . implode('.', $host);
foreach ($_COOKIE as $name => $value) {
setcookie($name, '', 1, '/', $domain);
}
array_shift($host);
}
Use the function to clear cookies:
function clearCookies($clearSession = false)
{
$past = time() - 3600;
if ($clearSession === false)
$sessionId = session_id();
foreach ($_COOKIE as $key => $value)
{
if ($clearSession !== false || $value !== $sessionId)
setcookie($key, $value, $past, '/');
}
}
If you pass true then it clears session data, otherwise session data is preserved.
I know this question is old, but this is a much easier alternative:
header_remove();
But be careful! It will erase ALL headers, including Cookies, Session, etc., as explained in the docs.
<?php
parse_str(http_build_query($_COOKIE),$arr);
foreach ($arr as $k=>$v) {
setCookie("$k","",1000,"/");
}
I had to add the following to the top answer to actually remove a few cookies that wouldn't go away:
foreach($_COOKIE as $cook) {
setcookie($cook, '', time()-1000);
setcookie($cook, '', time()-1000, '/');
}