stkoontz
asked on
Trouble deleting cookie
I'm having trouble deleting a cookie using PHP. The URL is https://buildmomentum.org/register/staff/index.php. When I run the login page, the cookie is still showing up. Use the login information below to set the cookie. Then click your back button and login again. If you see what I see, you'll still the cookie in the variable dump.
Login
email address: steve@somedomain.com
password: pass
This is the first page used to login the user and delete the cookie if it exists. (Code at the beginning is used just for troubleshooting.)
.
I'm using this code (login_staff_code.php) to check the username and password and set the cookie. (Code at the beginning is used just for troubleshooting.)
Login
email address: steve@somedomain.com
password: pass
This is the first page used to login the user and delete the cookie if it exists. (Code at the beginning is used just for troubleshooting.)
.
<?php
date_default_timezone_set('America/New_York');
//remove staff cookie to start over with a registration
echo "<pre>";
var_dump($_COOKIE);
echo "</pre>";
if (isset($_COOKIE["mo_id_invite"])){
//remove cookie
echo "this is running";
setcookie ("mo_id_invite", "", time() - 3600);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Momentum Staff Registration</title>
</head>
<html>
<body>
<table width="600" align="center">
<tr>
<td> </td>
</tr>
<tr>
<td>Enter your email address and temporary password emailed with your staff invitation. Once you register, you will receive a new password and instructions to log into your account.</td>
</tr>
<tr>
<td><form action="login_staff_code.php" method="post" name="form1" id="form1">
<table width="377" align="center">
<tr>
<td width="253">Email</td>
<td width="335"><label for="email_address"></label>
<input type="text" name="email_address" id="email_address" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" id="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" id="submit" value="Log In" /></td>
</tr>
</table>
</form></td>
</tr>
</table>
</body>
</html>
I'm using this code (login_staff_code.php) to check the username and password and set the cookie. (Code at the beginning is used just for troubleshooting.)
<?php
date_default_timezone_set('America/New_York');
echo "<pre>";
var_dump($_COOKIE);
echo "</pre>";
if (isset($_COOKIE["mo_registrant"])){
echo "mo_registrant " . $_COOKIE["mo_registrant"];
}
if (isset($_COOKIE["mo_id_invite"])){
echo "mo_id_invite " . $_COOKIE["mo_id_invite"];
}
?>
<?php //used to register staff
if (isset($_POST['submit'])) {
$var_email_address=$_POST['email_address'];
$var_password=$_POST['password'];
//Check staff_invites table for login information
try {
$qry_staff = new PDO("connection info);
foreach($qry_staff->query("SELECT field FROM table WHERE email_address='$var_email_address' AND password='$var_password'") as $row_staff) {
$var_id_invite=$row_staff['field'];
//Set cookie with staff_invite ID
setcookie("mo_id_invite", $var_id_invite, time() + (86400 * 30), "/"); // 86400 = 1 day
exit;
//redirect_to("../nextpage.php?id_invite=$var_id_invite");
}
$qry_staff = null;
} catch (PDOException $e) {
//echo $e;
die();
}
echo "Username/Password combination does not match our records.";
exit;
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Happy New Year. Thanks to both for responding on a holiday!
Dave: Being consistent and adding the domain name on the code to set/remove the cookies has helped.
Ray: The user might use the back button to start over on their registration. Is location.reload(forceGet) the best command to use to reload the page?
Thanks again,
Steve
Dave: Being consistent and adding the domain name on the code to set/remove the cookies has helped.
Ray: The user might use the back button to start over on their registration. Is location.reload(forceGet) the best command to use to reload the page?
Thanks again,
Steve
1. Do the login
2. Refresh the page after the login. The new request should send the cookie and you'll still be logged in,
3. Do the logout (or whatever process you use to remove the cookie)
4. Refresh the page. At this point the browser should not send the cookie again.
A general design pattern for PHP client authentication is shown in this article. It uses the session for short-term authentication and a cookie for the "remember me" functionality.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
Some more information on how PHP handles sessions is given in this article.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
HTH and Happy New Year, ~Ray