Solved

Strange problem with Cookies

Posted on 2010-11-25
13
370 Views
Last Modified: 2012-06-21
Hello there,
I am developing a site in php and this is the first time in years I have this kind of problem, and can't figure it out...

The problem is that I create some cookies, erase them and when I refresh the page the cookies are still there.

Example:
<?php 

print_r($_COOKIE);
exit();
?>

Open in new window


Returns:
Array ( [fbs_149865948383849] => \"access_token=149865948383849|2.PfG_sklQhUD7dSKqe_lzIQ__.3600.1290704400-698363010|c0usGkjKPEsASYTZqjF_Y-Rwxj8&base_domain=pregunpedia.com&expires=1290704400&secret=nQ3fNvMekK6D11hbT8XH6Q__&session_key=2.PfG_sklQhUD7dSKqe_lzIQ__.3600.1290704400-698363010&sig=a440d03a60808e5ee02e14a941a1eea6&uid=698363010\" [conecta_fb] => iniciado_fb [PHPSESSID] => 015fa2b540ec4185cebd6cab2f7da027 )

I have a page called logout.php, I execute it and at the bottom of this page I have

print_r($_COOKIES) 

Open in new window


and returns no value, afterwards I leave that page (logout.php)  and return to index.php that only has print_r($_COOKIE); exit(); and returns the cookies again!!

I use this function
function DeleteAllCookies(){
           if (isset($_SERVER['HTTP_COOKIE']))
           {
              $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
              foreach($cookies as $cookie)
              {
                 $parts = explode('=', $cookie);
                 $name = trim($parts[0]);
                 unset($_COOKIE[$name]);
              }
          }}


DeleteAllCookies();

unset($_SESSION['conecta_fb']);
unset($_SESSION['plataforma']);

print_r($_COOKIE);
echo "<hr>";
print_r($_SESSION);
header("location: ".$_SERVER['HTTP_REFERER']);

Open in new window


Has anyone has any idea of what I can be happening?

Thank's in Advanced.

DAniel.
0
Comment
Question by:visionari
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
  • 2
13 Comments
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 34213118
This may happen if you have more than one copy of the browser running.  All your browser instances share the same cookie jar.
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 34213132
In the code example posted above, line 22 will fail because print_r produces browser output.  And I might want to do the delete-all-cookies function this way:
function deleteAllCookies()
{
    foreach ($_COOKIE as $name = $nothing)
    {
        setcookie($name, NULL, time()-3600);
    }
}

Open in new window

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 34213141
Here is my teaching example of a Logout script.  See if this makes sense to you.  If not, please post back and I'll try to help.

best regards, ~Ray
<?php // RAY_logout_example.php
error_reporting(E_ALL);

// MAN PAGE HERE: http://us.php.net/manual/en/book.session.php
// ALWAYS START THE SESSION ON EVERY PAGE
session_start();

// SEE IF THE CLIENT IS ALREADY LOGGED OUT
if (empty($_SESSION["uid"]))
{

// CLIENT IS NOT LOGGED IN
    echo "<br/>YOU ARE NOT LOGGED IN \n";
    echo "<br/>CLICK HERE TO <a href=\"RAY_login_example.php\">LOG IN</a>\n";
    die();
}

// SET THE EXPIRATION FOR COOKIES
define('COOKIE_LIFE', 60*60*24); // A 24-HOUR DAY IN SECONDS ( = 86,400 )
$cookie_expires	= time() - date('Z') - COOKIE_LIFE;

// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
$_SESSION = array();

// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
if (isset($_COOKIE[session_name()]))
{
    setcookie(session_name(), '', $cookie_expires, '/');
}

// TELL PHP TO ELIMINATE THE SESSION
session_destroy();


// OPTIONAL - CLEAR ALL COOKIES
// foreach ($_COOKIE as $key => $value)
// {
//    setcookie($key, '', $cookie_expires, '/');
// }

// OPTIONAL - REDIRECT TO THE HOME PAGE
// header("Location: /");
// exit;


// GIVE THE CLIENT A LINK TO THE LOGIN
echo "<br/>YOU ARE LOGGED OUT\n";
echo "<br/>CLICK HERE TO <a href=\"RAY_login_example.php\">LOG IN</a>\n";

Open in new window

0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 

Author Comment

by:visionari
ID: 34214687
Thank's, but didn't work, this is very strange... I must be doing something wrong... I am using the facebook connect (as I am using fb connect and some extra cookies, I would need to kill all cookies), should have any problems as they are all in the same domain, put it fails for some reason...

Thank's all :)
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 34214736
What did you see when you ran this command:

var_dump($_COOKIE);
0
 

Author Comment

by:visionari
ID: 34214748
I see this:

array(3) { ["PHPSESSID"]=> string(32) "4f3995a7cc46b0d2bc7c9cdc28832af1" ["fbs_149865948383849"]=> string(308) "\"access_token=149865948383849|2.nMeKITzS_oQII4iZDtgXzA__.3600.1290733200-698363010|o7M1EoDsoJ0h04nN2baOIfiSy8k&base_domain=daniel.com&expires=1290733200&secret=nzlVtYkyI6jCK7s_cHoktQ__&session_key=2.nMeXMTzS_oQII4iZDtgXzA__.3600.1290733200-698363010&sig=81d6e6fd2528064597f1c518bc508d62&uid=698363010\"" ["conecta_fb"]=> string(11) "iniciado_fb" }
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 34214802
You may find that easier to read if you echo "<pre>"; before the output.  And did you make sure that you have only ONE instance of the browser running?  Then if you run a script to delete the cookies, they will be gone.  

You can use Firefox to see your cookies.  On my implementation, it's something like Tools => Options => Privacy => remove individual cookies.
0
 
LVL 11

Expert Comment

by:bansidhar
ID: 34218911
unset($_COOKIE[$name]); won't help. What you are doing is removing the variable from the server side. Cookies are stored in browser so even if you delete it from the server side on next request the browser will send all those and will be re-created. so you have to ask the browser to remove the cookie from its side.

Removing cookie is bit strange. you have to set the cookie you want to remove with  exactly all the parameters used to set as you set it but with a pre date to remove it. This triggers the removal mechanism in your browser. Now if you do a redirect the any decent browser is supposed to clear the cookie.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 34218935
@bansidhar: Exactly what I was trying to get across with the code example at ID:34213132.  I do not think all the parameters have to be the same when you remove a cookie.  The name has to be the same, and the expiration has to be in the past, but the other parameters do not seem to matter.
0
 
LVL 11

Expert Comment

by:bansidhar
ID: 34218993
other parameters also need to be the same (learned the hard way ;) ) you can have blank string for the value, but path, domain, secure and httponly parameters have to be the same
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 500 total points
ID: 34219062
Interesting - I will have to set up a test and see if I can get two cookies with the same name and different paths.
0
 

Author Closing Comment

by:visionari
ID: 34293468
couldn't solve problem...
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 34294481
OK, Here are the results of my tests with cookies.  You can set a cookie with an identical name to an existing cookie if the paths are different.  However the browser will only return the cookies that are appropriate for your current path.  It looks like PHPwill find the most precise cookie, so if you have cookies for '/' and for '/xyz' and you are running in the '/xyz' path, you will see the cookie set for '/xyz' in the $_COOKIE array and will not see the cookie for '/'  However if you are running outside of the '/xyz' path you will see the cookie for '/' -- this makes sense.

So if you've gotten cookies set by a specific directory path, you will need to be running a script that is in that directory path to see the cookies, and to unset them.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How do I speed up this PDO query 4 41
Format Date 7 28
Can't Find The Code 15 21
Ordering displaying data in a drop down 3 11
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question