?
Solved

Trouble deleting cookie

Posted on 2015-01-01
3
Medium Priority
?
72 Views
Last Modified: 2015-01-05
I'm having trouble deleting a cookie using PHP.  The URL is https://buildmomentum.org/register/staff/index.php. When I run the login page, the cookie is still showing up.  Use the login information below to set the cookie.  Then click your back button and login again.  If you see what I see, you'll still the cookie in the variable dump.

Login
email address: steve@somedomain.com  
password: pass

This is the first page used to login the user and delete the cookie if it exists.  (Code at the beginning is used just for troubleshooting.)
.
  <?php
date_default_timezone_set('America/New_York');
//remove staff cookie to start over with a registration
echo "<pre>";
		var_dump($_COOKIE);
echo "</pre>";
	
if (isset($_COOKIE["mo_id_invite"])){
	//remove cookie
	echo "this is running";
	setcookie ("mo_id_invite", "", time() - 3600);
	}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Momentum Staff Registration</title>
</head>

<html>
<body>

<table width="600" align="center">
  <tr>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td>Enter your email address and temporary password emailed with your staff invitation. Once you register, you will receive a new password and instructions to log into your account.</td>
  </tr>
  <tr>
    <td><form action="login_staff_code.php" method="post" name="form1" id="form1">
      <table width="377" align="center">
        <tr>
          <td width="253">Email</td>
          <td width="335"><label for="email_address"></label>
            <input type="text" name="email_address" id="email_address" /></td>
        </tr>
        <tr>
          <td>Password</td>
          <td><input type="password" name="password" id="password" /></td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td><input type="submit" name="submit" id="submit" value="Log In" /></td>
        </tr>
      </table>
    </form></td>
  </tr>
</table>
</body>
</html>

Open in new window


I'm using this code (login_staff_code.php) to check the username and password and set the cookie.  (Code at the beginning is used just for troubleshooting.)

<?php
date_default_timezone_set('America/New_York');
echo "<pre>";
		var_dump($_COOKIE);
echo "</pre>";

if (isset($_COOKIE["mo_registrant"])){
	echo "mo_registrant "  . $_COOKIE["mo_registrant"];
}

if (isset($_COOKIE["mo_id_invite"])){
	echo "mo_id_invite "  . $_COOKIE["mo_id_invite"];
}

?>
  
  <?php //used to register staff 

if (isset($_POST['submit'])) {
	$var_email_address=$_POST['email_address'];
	$var_password=$_POST['password'];
	//Check staff_invites table for login information

	try {
		$qry_staff = new PDO("connection info);
    	foreach($qry_staff->query("SELECT field FROM table WHERE email_address='$var_email_address' AND password='$var_password'") as $row_staff) {
			$var_id_invite=$row_staff['field'];
			//Set cookie with staff_invite ID
			setcookie("mo_id_invite", $var_id_invite, time() + (86400 * 30), "/"); // 86400 = 1 day
			exit;
			//redirect_to("../nextpage.php?id_invite=$var_id_invite");
		}
    	$qry_staff = null;
	} catch (PDOException $e) {
		//echo $e;
	    
    	die();
	}
	echo "Username/Password combination does not match our records.";
	exit;
}

Open in new window

0
Comment
Question by:stkoontz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 2000 total points
ID: 40526924
I had a similar problem last month.  I solved it by making the code almost exactly the same for to both set and delete the cookie.  Try this to delete the cookie.
setcookie ("mo_id_invite", "", time() - 3600, "/");

Open in new window

I added the domain to the cookie also for both setting and deleting.  If the path or domain are not the same, then there will be two cookies, not one.  What I ended up doing is like this.
// set cookie
setcookie("mo_id_invite", $var_id_invite, time() + (86400 * 30), "/", ".buildmomentum.org");
// delete cookie
setcookie("mo_id_invite", "", time() - 3600), "/", ".buildmomentum.org");

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40526928
There is a possibility that your browser is cacheing the responses.  The back button is not the right tool to use when you're looking for a new request from the browser, and a new response from the server.  You might want to try it like this:

1. Do the login
2. Refresh the page after the login.  The new request should send the cookie and you'll still be logged in,
3. Do the logout (or whatever process you use to remove the cookie)
4. Refresh the page.  At this point the browser should not send the cookie again.

A general design pattern for PHP client authentication is shown in this article.  It uses the session for short-term authentication and a cookie for the "remember me" functionality.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Some more information on how PHP handles sessions is given in this article.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html

HTH and Happy New Year, ~Ray
0
 
LVL 2

Author Comment

by:stkoontz
ID: 40527903
Happy New Year.  Thanks to both for responding on a holiday!

Dave: Being consistent and adding the domain name on the code to set/remove the cookies has helped.

Ray: The user might use the back button to start over on their registration.  Is location.reload(forceGet) the best command to use to reload the page?

Thanks again,

Steve
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question