I'm trying to set a cookie with:
setcookie($cookie_name, $val, 0);
Or
setcookie($cookie_name, $val);
But when I close and re-open the browser (firefox, chrome) the cookie is still alive with the same value. How can I force it to delete when visit is over?
Thank you
To delete a cookie just set the expiry date to the past like so:
// Set the cookie in the past to ensure it is removed
setcookie($cookie_name, $val, time()-3600);
However, I do not think this is the issue in your case, as your code seems to be correct.
How are you testing for the cookie? You are probably setting it again before testing for it!
You will also want to make sure you are closing the browser not the tab. Closing a tab, does not end a session!
Try setting the value as null
setcookie($cookie_name, null);
You should try
setcookie($cookie_name, $val, time()-3600);
Try to use this code:
setcookie ("TestCookie", "", time() - 3600);// set the time to minus to remove the cookie.
I have experienced this similar problem with Chrome. Opening up the cookies panel in Web Developer Tools sometimes shows the cookie with Expires set to "Session". Upon closing the browser (not just the tab) and re-opening the browser this cookie still persists. A sure fire way to resolve this is to clear the cache. That seems to do the trick. Bottom line is that if the cookie is being shown as "session" in the browser tools, then you've set it correctly.
You may need to unset the cookie and then set it null like this:
unset($_COOKIE['cookie_name']);
setcookie ( 'cookie_name', null,-1 );
in the first line, you unset it and then set it to null in case any further problem.
Related
I have built my logging in and out system but it seems to not work correctly in some browsers like chrome and firefox. The problem is that the browsers remember cookies even if they're meant to expire at session end.
Does anyone have a solution for that?
I'd just like to note that creating another cookie to monitor if it's supposed to remember or not is not a valid solution, there must be a more professional way.
Thank you in advance!
EDIT: I apologize I got confused. I'm not unsetting the cookie at all, the browser is supposed to destroy it when it's closed but it doesn't. That's the problem
Set the expiration date to the past
// set the expiration date to one hour ago
setcookie ("cookie", "", time() - 3600);
See this example from php manuals.
EDIT:
To delete cookies when the browser or the tab is closed, you can use javascript onunload.
<script>
window.onunload=function()
{
document.cookie = 'cookie =; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}
</script>
It will set the cookie expiration date to the past, on page unload.
To delete a cookie you need to set a negative time.
setcookie('cookie', '', time() - 3600);
Like PHP Doc says:
If set to 0, or omitted, the cookie will expire at the end of the
session (when the browser closes)
This is the idea of PHP but some Browsers don't do that. Just set a negative Time like
setcookie("cookie", "", time() - 10);
and it works.
Why cookie values showing in browser even after it deleted by using PHP code, I am viewing cookie values by using FireFox "View Cookies addon". It will disappear only after delete or clear my browser cookies manually. I asking this question because of my work will work only after deleting cookies from browser manually, if i unset cookie in PHP code and run , it will not work, i am un setting cookie value by setting its expire date with past value.Example:
setcookie ("myCookie", "", time() - 3600, "/", ".example.com");
Code I am using for setting cookie:
setcookie ('Event', '', time() - 3600, '/', '.example.com');
Code I am using for unsetting cookie:
setcookie('Event', '-1-1301223453%7C9de8f7c08bf2be19c125f86ced33a0c2%7C1301050653%7C-1%7C1301223453', '', '/', '.example.com', 0);
But if i print cookie value after it unset it will be blank(nothing), but it will show in browser
Please any one help!!
That is completely based on browser settings you are viewing in and you are asking that the browser is still showing the cookies. That is true browser is still showing the cookies but you will get relax when you check it in PHP the cookie is unset.
print_r($_COOKIE);
show you the active cookies.
Remember when you clear cookies from your browser tool then cookie will be erased but when you unset from the PHP they are set to the time in past not erased from browser history.
Delete cookie with setcookie("myCookie");
What about trying this approach?
// unset cookies
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
This could have various reasons. First of all, check if the cookie is set at all. Then make sure it uses the same parameters (except the expiration) as when the cookie was originally set. And for the expiration parameter, use a value that is definitely long in the past (one hour could be too little if your server’s time is off by some hours):
setcookie($cookieName, 'deleted', 1, $cookiePath, $cookieDomain);
here is a simple tutorial about delete cookie by php
first we set the cookie value and expire date.
setcookie('test', 'test', time() + 3600);
visit the page, you'll see the cookie 'test' has successfully created
then, we change the php code to delete cookie 'test', just set a passed date value for it
setcookie('test', 'test', time() - 3600);
visit the page again, you'll find the cookie 'test' has gone
btw: i was use the fire cookie extension to check the cookie value.
hope this simple tutorial can help you.
I'm just trying to set and use a cookie but I can't seem to store anything.
On login, I use:
setcookie("username", $user);
But, when I use Firefox and the Web Developer plugin Cookies -> View Cookie Information There is no username cookie.
Also, when I try to access the value from a subsequent page using
$_COOKIE["username"]
It is returning null/empty
var_dump(setcookie("username", $user));
RESULT: bool(true)
and
var_dump($_COOKIE)
RESULT: specific cookie does not exist (others are there)
I have done some more testing...
The cookie exists after login (first page) but disappears when I go to another (2nd page) and is lost for good...
Are there any headers that must be present or not present?
http://php.net/manual/en/function.setcookie.php
Try setting the $expire parameter to some point in the future. I believe it defaults to 0, which is in the distant past.
Make sure that you are setting the domain parameter correctly in case the URL is changing after you go to another page after login. You can read more about the domain parameter on http://php.net/manual/en/function.setcookie.php
The cookie is probably expired because $expire defaults to 0 seconds since the Unix epoch. (docs)
Try
setcookie("username", $user, time() + 1200);
which expires 20 minutes after set (based on the client's time).
Use var_dump() on setcookie(..) to see what is returned. Also might do the same to $_COOKIE to see if the key is set.
Thanks everyone for the feedback... Aditya lead me to further analyse the cookie and I discovered that the path was the issue...
The login path was /admin/ and then I was redirecting back to the root...
Thanks all for your help and feedback!
OK, I'm stumped, and have been staring at this for hours.
I'm setting a cookie at /access/login.php with the following code:
setcookie('username', $username, time() + 604800, '/');
When I try to logout, which is located at /access/logout.php (and rewritten to /access/logout), the cookie won't seem to unset. I've tried the following:
setcookie('username', false, time()-3600, '/');
setcookie('username', '', time()-3600, '/');
setcookie('username', '', 1, '/');
I've also tried to directly hit /access/logout.php, but it's not working.
Nothing shows up in the php logs.
Any suggestions? I'm not sure if I'm missing something, or what's going on, but it's been hours of staring at this code and trying to debug.
How are you determining if it unset? Keep in mind that setcookie() won't remove it from the $_COOKIE superglobal of the current script, so if you call setcookie() to unset it and then immediatly print_r($_COOKIE);, it will still show up until you refresh the page.
Try pasting javascript:alert(document.cookie); in your browser to verify you don't have multiple cookies saved. Clear all cookies for the domain you're working on to make to sure you're starting fresh. Also ini_set(E_ALL); to make sure you're not missing any notices.
Seems to be a server issue. My last domain was pretty relaxed on PHP error handling while the new domain shows every error. I'm using both sites side by side and the old one removes the cookie as it should.
Is there perhaps a timezone issue here? Have you tried setting using something farther in the past, like time() - (3600*24)? PHP's documentation says that the internal implementation for deleting cookies uses a timestamp of one year in the past.
Also, you should be able to use just setcookie('username', false); without passing an expiration timestamp, since that argument is optional. Maybe including it is confusing PHP somehow?
How you use cookies data in your application?
If you read the cookies and check if username is not false or not '', then setting it to false or '' will be sufficient, since your application will ignore the cookies value.
You better put some security in cookies value, to prevent user change it's value. You can take a look of CodeIgniter session library, see how CI protect the cookies value using hash. Unauthorized value change will detected and the cookies will be deleted.
Also, CI do this to kill the cookies:
// Kill the cookie
setcookie(
$this->cookie_name,
addslashes(serialize(array())),
(time() - 31500000),
$this->cookie_path,
$this->cookie_domain,
0
);
You can delete cookies from javascript as well. Check here http://www.php.net/manual/en/function.setcookie.php#96599
A simple and convenient way, is to use this additional functions:
function getCookie($name) {
if (!isset($_COOKIE[$name])) return false;
if ($_COOKIE[$name]=='null') $_COOKIE[$name]=false;
return $_COOKIE[$name];
}
function removeCookie($name) {
unset($_COOKIE[$name]);
setcookie($name, "null");
}
removing a cookie is simple:
removeCookie('MyCookie');
....
echo getCookie('MyCookie');
I had a similar issue.
I found that, for whatever reason, echoing something out of logout.php made it actually delete the cookie:
echo '{}';
setcookie('username', '', time()-3600, '/');
I had the same issue; I log out (and I'm logged out), manually reload the index.php and then I'm logged in again. Then when I log out, I'm properly logged out.
The log out is a simple link (index.php?task=logout). The task removes the user from the session, and "deletes" (set value '' and set expiry in the past) the cookie, but index.php will read the user's auth token from the cookie just after this (or all) task (as with normal operations). Which will reload the user. After the page is loaded the browser will show no cookie for the auth token. So I suspect the cookie gets written after page finish loading.
My simple solution was to not read the cookie if the task was set to logout.
use sessions for authentication, don't use raw cookies
http://www.php.net/manual/en/book.session.php
Why when set php cookie path to "/" doesn't work for every subdirs in the domain, but just for the current directory.
cookie is set like:
setcookie("name", "val", expire_time, "/");
It just doesn't want to work.
try including the domain parameter:
setcookie("name", "val", expire_time, "/", ".domain.com");
// don't forget the prefixing period: .domain.com
that will enable all sudomains of "domain.com"
Are you testing on localhost? In that case, you need to pass null as the value for $domain.
Setting the cookie path to / should make it available to the entire domain. If you set your cookie like that, and it isn't being sent, there is something else wrong.
Try using the Web Developer addon in Firefox. It shows you details on the available cookies. Maybe that can help you diagnose the problem.
Late to the party, I know. But I just discovered that my issue was pretty stupid, but I'll post it for completion:
I was neglecting to add time() to the expires time on the cookie, so it was expiring immediately.
The expires time should be time() + seconds