I have a page (mypage.html) which sets a cookie as follows:
setcookie ("sessionid", md5 (uniqid (rand())));
Now, at the top of an include which displays the site header I have the following:
echo "cookie is ". $_COOKIE['sessionid'];
When I am on mypage.html, which includes the header, the echo command displays the cookie name, as it should...e.g.
cookie is 4d40102ff2d2268d907dd31debc411e2 cookie is 4d40102ff2d2268d907dd31debc411e2
But if I move aeway from the page which set the cookie, all I see is
cookie is
with no name - If I go back to mypage.html it reads it again with no problem. I have no clue how this can happen?? Any ideas?
Set an explicit path for the cookie. The default is the current directory only, so if you navigate to a script in another directory, the cookie won't be sent back by the browser.
// Cookie is valid for all paths ( / ) in the current domain
// This also has an explicit expiry time of 1 hour from the time it's set...
setcookie ("sessionid", md5 (uniqid (rand())), time() + 3600, "/");
It's a little unusual to be setting your own session cookies though, when simply initiating a session handles it for you:
session_start();
// Id is set for you...
echo session_id();
Related
I can't figure out why I can't remove a cookie or it's value:
I have simple log in script, when user enters correct login details, this is
setcookie('logged', $admin['username'], time()+60*60*24*365);
Also, session_start() is present on all pages.
When I want to log off a user, the following happens:
if($page=='logoff') {
setcookie('logged', "", time() - 3600);
unset($_COOKIE['logged']); // tried also this
session_destroy();
$_SESSION=null;
header("Location: index.php"); // if this is removed, the code below acts like there's no $_COOKIE['logged'] or it's empty (until refresh)
}
Once it gets redirected to index.php the $_COOKIE['logged'] is back with the old value, like something would set it again (nothing does for sure, I even removed the one and only login cookie set line)
I couldn't find a solution in similar questions. Tested in chrome and IE.
You can't "unset" a cookie. "Expire" it by setting it to a value in the past:
<?php
// set the expiration date to one hour ago
setcookie("logged", "", time() - 3600);
?>
http://www.w3schools.com/php/php_cookies.asp
What I want to do it cause an action when a cookie expires. For example i have a cookie:
setcookie('loggedIn', true, time()+ 3600);
When the cookie expires I would like to be able to redirect them to a different web page automatically and call a php script that would log the user out.
You can check it via $_COOKIE.
if(!isset($_COOKIE['loggedIn'])){
header('Location: /path/to/another/page');
exit;
}
You can code it in a separate file and include it in every page OR you can implement it in XHR.
It sounds as though what you're trying to do is automatically log users out after some amount of time. Cookie expiration is not an appropriate way to do this — the expiration date of a cookie can be changed by the user, and cookies can be deleted without reaching their expiration date. (For instance, if a user clears cookies in their browser, or uses a private browsing session.)
An appropriate way to log a user out automatically would be to store the expiration date in the session, e.g.
// during login
$_SESSION["valid_until"] = time() + 3600 * 3; // stay logged in for three hours
// then, during page startup
if ($_SESSION["valid_until"] < time()) {
session_destroy(); // or store data in the session to indicate it's inactive
header("Location: error.php?err=session-timeout");
exit();
}
set cookie is not setting the value for the following code.
<?php
session_start();
ob_start();
unset($_SESSION['adminname']);
session_destroy();
if(isset($_COOKIE['adminremember_me'])) {
$past = time() - 100;
setcookie('adminremember_me', gone, $past);
}
header("Location: login.php");
exit();
?>
Cookie is not deleting as setcookie donot works though an error message is not displayed.
Interesting part is that i have another file with same code structure but with different cookie name for normal user logout and that one works.
I moved the admin logout file which was in (htdocs/site/admin/)to (htdocs/site) and now logout works!!! seriously what change didit make?
You can have multiple cookies with the same name but different paths. So if you script is in /folder1/folder2/mypage.php, you can have 1 cookie with the path /folder1 and another with the path /folder1/folder2, and both cookies could have the same name.
My guess is the cookie you are trying to delete belongs to a different path (by default, if you don't specify a path, then it assumes the folder that the script is in). To delete it, you will have to manually set the path parameter to match that of the cookie. For example:
setcookie('adminremember_me', gone, $past, "/");
or
setcookie('adminremember_me', gone, $past, "/folder1/");
To see what the path is on the existing cookie, you need to use your browser's cookie viewer to see what path is set on it.
Edit: to answer the question in your edit, when you moved the location of your logout file, you moved it to be in the same folder as the path that was set on the cookie (so the default value was now the same). If you want to move the script back to the old location, just explicity set the path to whatever the folder was where it worked
I want to set a cookie if Username is entered and also want the previous cookie to get deleted. I am able to unset the previous cookie but new cookie is not working for me. It showing blank.
if(!empty($User_Name))
{
unset($_COOKIE['username']);
setcookie('username', $User_Name, time()+31536000);
echo $_COOKIE['username']; // blank
}
Any help would be nice.
In my opinion there is no need to unset the cookie. Because, when you set the cookie it will override the existing cookie ( if it exists ) or create a new one ( if it doesn't exist )
From the PHP Docs..
Cookies will not become visible until the next loading of a page that
the cookie should be visible for. To test if a cookie was successfully
set, check for the cookie on a next loading page before the cookie
expires.
Found that if the path is empty it applies only to the current path, if you specify "/" applies to all paths.
so / did the trick.
setcookie('username', $User_Name, time() + (86400 * 7), "/");
I have a script that logs out the user (logout.php) and it works perfectly fine in FF and IE, but in Chrome the cookie is still available even after the browser has been closed.
I have tested with this bit of code:
logout.php
session_start();
$_SESSION['un'] = '';
$_SESSION['pw'] = '';
unset($_SESSION['un']);
unset($_SESSION['pw']);
setcookie("spf", "", time()-3600);
session_destroy();
echo "Cookie: ".$_COOKIE['spf']."<br />";
echo "Session: ".$_SESSION['un'];
In Chrome it will still echo out with content for spf despite everything. What am I doing wrong?
Edit:
In FF my testpage echoes this:
Cookie:
Session:
(e.g. blank both).
In Chrome it says this:
Cookie: {\"un\":\"test3333\",\"pw\":\"593c114983263124656dd6bb922b7bd8\"}
Session:
(e.g. the cookie has content and the session is blank).
You can try:
$_SESSION=array(); // assign an empty array to the session
OR
session_unset(); // unset $_SESSION variable for the run-time, frees all session variables currently registered.
INFO
AND THEN :
session_destroy(); // destroy session data in storage
NOTE:
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
In order to kill the session altogether with session_destroy(), like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
TAKEN FROM:
INFO
UPDATE:
Then i think you need this, note that spf is the name of the cookie
setcookie ("spf", "", time() - 3600);
if it is an array change the name to spf[one] ex:
setcookie ("spf[un]", "", time() - 3600);
take a look HERE
Set a date in the past and it will do the trick, also don't forget to add a path so you delete the good one.
setcookie('your_cookie', '', time()-3600,'/');