Why won't my cookie delete? - php

I have a cookie, that I set with the following command:
setcookie( 'auth', 'cookie data' , time() + 3600, '/', '.mydomain.com', true, true );
when I log out, I call a function to clear it, which does this:
setcookie( 'auth', "", time() - 3600, '/', '.mydomain.com', true, true );
However, if I then refresh the page, $_COOKIE['auth'] is still set, and returns the old 'cookie data' value that should be gone!
What am I missing?

unset($_COOKIE['auth']);
setcookie('auth', '');

Make sure you haven't already sent headers:
http://www.php.net/manual/en/function.headers-sent.php
Make sure you are sending headers. Are you outputting anything else? If not, echo anything to make sure headers are sent before exit.
Remove it from the cookie global array also:
if(isset($_COOKIE['auth'])) {
    unset($_COOKIE['auth']);
}
If your session name is 'auth', any change to session data may rewrite the session cookie.
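The checks suggested in the answers above, combined into one helper pair. This is an added example, not code from the original question or answers; the function names are hypothetical, the attribute values are the ones from the question, and it assumes PHP 7.3+ for the options-array form of setcookie().

```php
<?php
// Added example: one source of truth for the cookie's attributes, so the
// delete call cannot drift from the set call. Needs PHP 7.3+ (options array).
const AUTH_COOKIE = 'auth';

// Attributes shared by set and clear; the values are the ones in the question.
function auth_cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => '/',
        'domain'   => '.mydomain.com',
        'secure'   => true,   // browser returns it over HTTPS only
        'httponly' => true,   // hidden from document.cookie
    ];
}

// Once output has started, setcookie() fails and no Set-Cookie header is sent.
function require_open_headers(): void
{
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Headers already sent at $file:$line");
    }
}

function set_auth_cookie(string $value): void
{
    require_open_headers();
    setcookie(AUTH_COOKIE, $value, auth_cookie_options(time() + 3600));
}

function clear_auth_cookie(): void
{
    require_open_headers();
    // Same name, path and domain as when it was set; only value and expiry change.
    setcookie(AUTH_COOKIE, '', auth_cookie_options(time() - 3600));
    // $_COOKIE was filled from the request, so drop the stale copy as well.
    unset($_COOKIE[AUTH_COOKIE]);
}

// Set-Cookie lines queued for this response (empty under the CLI SAPI).
function queued_auth_cookie_headers(): array
{
    return array_values(array_filter(headers_list(), function (string $h): bool {
        return stripos($h, 'Set-Cookie: ' . AUTH_COOKIE . '=') === 0;
    }));
}
```

Calling queued_auth_cookie_headers() right after clear_auth_cookie() shows whether the expiry header carries the same path and domain as the cookie listed in the browser.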

Related

Set a cookie on another domain using ajax and php - FAILS

Domain-Being-Browsed.com has a javascript function, which when triggered makes an ajax call to a php file on another domain: another-domain.com/set-cookie.php
set-cookie.php contains code like this:
header("Access-Control-Allow-Origin: http://localhost:3000");
header("Access-Control-Allow-Credentials: true");
$cookie_set = FALSE;
$cookie_set = setcookie( 'cookie_name', 'cookie_value', $a_big_number, '/' );
if( $cookie_set ){ echo 'cookie set!'; }
The javascript function is like this:
var url = 'http://another-domain.com/set-cookie.php';
$.ajax({
'url': url,
'xhrFields': {
withCredentials: true
}
}).done(function(resp){
console.log(resp);
});
If I visit http://another-domain.com/set-cookie.php in my browser, it sets the cookie.
If I trigger the javascript function, I get a response in the console, 'cookie set!', but when I load http://another-domain.com in my browser, I find that the cookie is not there.
I found this post: Can't set cookie on different domain, which seems exactly like mine, but the answer given I've incorporated already and it doesn't help. What am I missing?
As directed by Barmar, I checked the Network tab in dev tools for the Set-Cookie header in the response. It seems that I needed to set 'SameSite' to 'None'. If you set 'SameSite' to 'None', you have to set 'secure' also. And if you set secure, you have to load the page over https. So the answer, as found in the answer here: How to fix "set SameSite cookie to none" warning?
is to change the php file like this:
header("Access-Control-Allow-Origin: http://localhost:3000");
header("Access-Control-Allow-Credentials: true");
$cookie_options = array(
'expires' => time() + 60*60*24*30,
'path' => '/',
'secure' => true,
'samesite' => 'None'
);
$cookie_set = FALSE;
$cookie_set = setcookie( 'cookie_name', 'cookie_value', $cookie_options );
if( $cookie_set ){ echo 'cookie set!'; }
and to load the page over https. Works!

Executing PHP in an ''

I'm trying to execute some PHP that removes a cookie from your browser (it's used for removing your login data cookie) when you click on the button called 'Log Out'. I tried using an action to do this, but it does not seem to work this way?
<?php
if(isset($_COOKIE['LoggedIn']) && !empty($_COOKIE['LoggedIn'])) {
echo "<li>Log Out</li>";
} else {
echo "<li>Log in</li>";
}
?>
I am using the '\' to make the quotes into regular text quotes that can be placed inside the main quotes.
So my question is mainly, how will I achieve executing it correctly? I've tried it this way but it does not do a thing.
Better still link your a href tag to a php file that runs the function you need and use
header("Location: Your URL")
To redirect back to the login page or anywhere you want
You could use something like this;
<a href='/?logout'>Logout</a>
if(isset($_GET['logout'])){ Logout(); }
function Logout() {
    unset( $_SESSION[''] ); // unset any session data
    session_unset(); // remove all session variables
    session_destroy(); // destroy the session
    setcookie("LoggedIn", "", time() - 36000, "/"); // unset the remember me cookie
    header( "Location: /?loggedOut=1" );
    exit;
}
As far as I'm aware anchor tags ("a" tag) have no concept of an "action" attribute. I think what you want here is "onclick" instead of "action".
Occurs to me you are also trying to execute a php function in the "action" attribute, this clearly will not work - you need to create a simple javascript function that clears out the cookie. For example:
var deleteCookie = function(name,path) {
document.cookie = name + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT;' + (path ? ' path=' + path : '');
};
Which you can then invoke in an "onclick" on your link.
I recommend just having a logout.php button which redirects to the login page after the logout button has been clicked, like so:
echo "<li>Log Out</li>";
Logout.php
//Expire Cookie
setcookie('LoggedIn', '', time() - 60*100000, '/');
//Redirect to page
header( 'Location: https://www.foo.com/login.php' ) ;

Checking For Cookie Right After Setting Cookie [duplicate]

I'm trying to access a cookie's value (using $_COOKIE) immediately after calling the setcookie() function in PHP. When I do so, $_COOKIE['uname'] isn't set. Why?
Note, however, that $_COOKIE['uname'] is set as expected upon the next execution of the script, such as after a page refresh.
setcookie('uname', $uname, time() + 60 * 30);
echo "Cookie value: " . $_COOKIE['uname'];
The cookie isn't set until the response is sent back to the client, and isn't available in your PHP until the next request from the client after that.
However, when you set the cookie in your script, you can do:
setcookie('uname', $uname, time()+60*30);
$_COOKIE['uname'] = $uname;
$_COOKIE is set when the page loads, due to the stateless nature of the web. If you want immediate access, you can set $_COOKIE['uname'] yourself or use an intermediate variable.
For example:
if (isset($_COOKIE['uname'])) {
// get data from cookie for local use
$uname = $_COOKIE['uname'];
}
else {
// set cookie, local $uname already set
setcookie('uname', $uname, time() + 1800);
}
If you want to access a cookie's value immediately after calling the setcookie() you can't use $_COOKIE. The reason for this is in the nature of the protocol (see https://www.rfc-editor.org/rfc/rfc6265). When you use setcookie() it defines a Cookie to be sent along with the rest of the HTTP headers to the client (see http://php.net/manual/en/function.setcookie.php). But $_COOKIE on the other hand contains variables passed to the current script via HTTP Cookies from the client (http://php.net/manual/en/reserved.variables.cookies.php).
When you change $_COOKIE after calling setcookie() - like some answers here recommend - it doesn't contain only the Cookies from the client any more. This could interfere with assumptions made in third party code used in your application and may result in unwanted side effects. So in general it's not good practice and it's only an option when the calls of setcookie() are part of your own code.
A clean and transparent way to get a value set with setcookie() within the same request is to use headers_list() (see http://php.net/manual/en/function.headers-list.php):
function getcookie($name) {
    $cookies = [];
    $headers = headers_list();
    // see http://tools.ietf.org/html/rfc6265#section-4.1.1
    foreach ($headers as $header) {
        if (strpos($header, 'Set-Cookie: ') === 0) {
            $value = str_replace('&', urlencode('&'), substr($header, 12));
            // limit 2 splits the name=value pair off from the attributes
            parse_str(current(explode(';', $value, 2)), $pair);
            $cookies = array_merge_recursive($cookies, $pair);
        }
    }
    // null when no Set-Cookie header for $name has been queued
    return $cookies[$name] ?? null;
}
// [...]
setcookie('uname', $uname, time() + 60 * 30);
echo "Cookie value: " . getcookie('uname');
But notice this won't work in PHP CLI (e.g. PHPUnit). In such a case you could use third party extensions like XDebug (see http://xdebug.org/docs/all_functions#xdebug_get_headers).
You have to set the cookie variable by yourself if you need it immediately, by the time you load another page the real cookie would have been set as a result of the setcookie method.
setcookie('name', $value, time()+60*30);
$_COOKIE ['name'] = $value;
We can do this using AJAX calling.
If we want to create cookies on button click, first create an AJAX call for creating the cookies; then, on success of the first AJAX call, we can make another AJAX call for getting the cookies.
function saveCookie() {
var base_url = $('#base_url').val();
var url = base_url + '/index/cookie';
$.ajax({
'url': url,
'type': 'POST',
'success': function (data) {
if (data) {
var url = base_url + '/index/get_cookie';
$.ajax({
'url': url,
'type': 'POST',
'success': function (response) {
var container = $('#show');
if (response) {
container.html(response);
}
}
});
}
}
});
}
<button type="button" onclick="saveCookie()">Save Cookie</button>
<div id="show"></div>
I had a similar problem where I used a function from an included file and solved it with a function that both returns the value of the cookie and sets the cookie.
function setCookie($input) {
setcookie('uname', $input, time() + 60 * 30);
return $input;
}
if(!isset($_COOKIE['uname'])) {
$uname = setCookie($whatever);
} else {
$uname = $_COOKIE['uname'];
}
echo "Cookie value: " . $uname;
Using ob_start() and ob_flush() you can send the cookie to client and retrieve it in the same run time. Try this:
ob_start();
setcookie('uname', $uname, time() + 60 * 30);
ob_flush();
echo "Cookie value: " . $_COOKIE['uname'];
Your script's setcookie() function runs when the web browser requests the page for the first time, in your case the reload. This cookie is stored in the user's browser and isn't available to your script running on the server until the next request, or in your case the next reload.
Upon the next request the browser sends that cookie to the server and the array $_COOKIE will have the value that you initially set and the browser sent back upon the second request.
I set a constant at the same time the cookie was created
define('CONSTANT', true);
return setcookie('cookiename', 'cookie value goes here', time() + 60 * 60 * 24 * 30, '/');
I can then immediately do something by:
if (isset($_COOKIE['cookiename']) || (defined('CONSTANT') && CONSTANT)) {
    // the cookie came with the request, or was set earlier in this request
}

Facebook fbsr and session wont delete

I have a logout.php page. This gets called by clicking logout that has this javascript attached to it:
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
button.onclick = function() {
FB.logout(function(response) {
window.location = 'logout.php';
});
}
}
});
On the logout page I have this PHP code running:
if (isset($_COOKIE['fbsr_' . $app_id])) {
setcookie('fbsr_' . $app_id, $_COOKIE['fbsr_' . $app_id], time() - 3600, "/");
setcookie('PHPSESSID', $_COOKIE['PHPSESSID'], time() - 3600, "/");
unset($_COOKIE['fbsr_' . $app_id]);
unset($_COOKIE['PHPSESSID']);
}
The problem is that the javascript does log someone out. The php script will not remove the fbsr and the phpsessid cookies. How can I get around this issue?
For some of the applications, FB sets the fbsr cookie under ".your-domain.tld" domain (notice the preceding point). The cookie won't be deleted unless you specify the correct domain. Try this and you'll have logout working:
setcookie('fbsr_' . $appID, '', time()-3600, '/', '.'.$_SERVER['SERVER_NAME']);
It's a FB bug that makes the cookie not be deleted at logout, so your $fb->getUser() API call returns the former user ID instead of NULL or 0. This is FB world ;)
Greetings!
I had the same problem, even though all cookie params were right (double-checked).
What seems to work for me, is
setcookie($cookie_name, '', null, '/', '.'.$base_domain);
note the null value instead of: time()-3600
I honestly don't know why that works and the time()-3600 does not, but I cross-checked and it works... HTH
