Clear cookies using PHP

deeayrian
deeayrian used Ask the Experts™
on
I am trying to create a logout page using PHP cookies, but the code won't clear my cookies.  Can you please tell me what I am doing wrong?
$username = "$_COOKIE[username]";
setcookie("username", "", mktime(12,0,0,1, 1, 1970), "/");

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
That code will not delete the cookie, instead it just makes $_COOKIE["username"] = "";

Maybe making that time in 1970 is the issue. You could try just doing something like. The time is set for 1 year ago so it should delete the cookie successfully
<?php

setcookie("username", "", time()-42000, "/"); //delete cookie on client browser
unset($_COOKIE["username"]); //delete cookie on server

?>

Open in new window

Author

Commented:
That isn't working.  The browser still remembers the cookie.  Any other ideas?
Very odd.

Ive been reading about this and all seems to say some browsers dont delete the cookies till after its restarted...

When you say the browser still remmebers the cookie, do you mean the value of "username" is still set (inside the existing cookie) to the logged in user, even after you do the setcookie("username", "", time()-42000, "/");  on the php logout script.

There is no way to directly 'delete' a cookie, all we can really do is change the values of the variables stored inside them, or to change the expiry date and hope the browser deletes the cookie itself.
Most Valuable Expert 2011
Top Expert 2016

Commented:
@deeayrian: Please see this script which performs the logout.  The browser will "remember" the cookie until you close the browser window.  That is because the browser sent the cookie at the start of the script.

Choose any of the optional parts of this script that make sense for your app requirements.

Best regards, ~Ray
<?php // RAY_logout.php
error_reporting(E_ALL);


// TEACHES HOW TO ELIMINATE A PHP SESSION AND CHANGE STATUS FROM LOGGED IN TO LOGGED OUT


// DEFINITIONS - CHOOSE ANYTHING THAT MAKES SENSE TO YOUR APPLICATION REQUIREMENTS
define('COOKIE_LIFE', 60*60*24); // A 24-HOUR DAY IN SECONDS ( = 86,400 )
$cookie_expires	= time() - date('Z') - COOKIE_LIFE;


// ALWAYS START THE SESSION ON EVERY PAGE
session_start();

// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
$_SESSION = array();

// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
if (isset($_COOKIE[session_name()]))
{
   setcookie(session_name(), '', $cookie_expires, '/');
}

// TELL PHP TO ELIMINATE THE SESSION
session_destroy();






// OPTIONAL - CLEAR ALL COOKIES
/*
foreach ($_COOKIE as $key => $value)
{
   setcookie($key, '', $cookie_expires, '/');
}
*/

// OPTIONAL - TELL CLIENT ABOUT THE LOGOUT
/*
echo "YOU ARE LOGGED OUT";
*/

// OPTIONAL - REDIRECT TO THE HOME PAGE
/*
header("Location: /");
exit;
*/

Open in new window

Most Valuable Expert 2011
Top Expert 2016
Commented:
Perhaps one other point needs to be made.  This code snippet will assign the contents of the value of $_COOKIE["username"] to a variable $username.  Then it will send a cookie to the browser with an empty data field and an expiration date in the past.

But it will not do anything to the superglobal variable $_COOKIE - that was set before the server started running your PHP script.

$_COOKIE is not immutable - if you want cookies to work contemporaneously with your setcookie() functions, you can just manipulate the cookie array directly.

HTH, ~Ray
// ORIGINAL POST
$username = "$_COOKIE[username]";
setcookie("username", "", mktime(12,0,0,1, 1, 1970), "/");

// MODIFYING THE COOKIE IN PHP FOR THIS SCRIPT
unset($_COOKIE["username"]);

Open in new window

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial