PDA

View Full Version : Logout - Kill Cookie



jimijoe
11-29-2005, 12:51 AM
Hello,

I'm using: Remember Form Values (http://www.dynamicdrive.com/dynamicindex16/formremember.htm) for form textbox. :D

What script should I use to kill the cookie while I am logging out? :confused:

Thanks,
Jimijoe

jscheuer1
11-29-2005, 06:17 AM
You really shouldn't do that. The script is only intended for use with unsecure data. Anything that you wouldn't want automatically filled in upon the user's return should not be included. There is no telling how a user will logout or what browser they will be using. Therefore, there is no reliable way to ensure that a cookie will get deleted if say, a user browsing with Opera (Opera will not respond to the onunload event, which is what would have to be used to cover this contingency) logs out simply by closing the current window while other windows of the browser session are still open. That would be an innocent way of avoiding cookie deletion, there are other more contrived ways and probably a few other scenarios I can't think of at the moment that would also be innocent.

jimijoe
12-02-2005, 04:33 AM
So, what script is used for the forum when we logout it kills the cookies(All cookies cleared!)?

jscheuer1
12-02-2005, 05:45 AM
That is part of the PHP code for the forums and, it isn't reliable. As a result, I have many times booted up my machine, surfed over to the forums, only to find that I am still logged in from the last time!

This call should empty the cookie:


document.cookie = "mvalue"+window.location.pathname+"="

But, where to use it? onunload is already used by the script to save the current values. If you use it as an onclick event at logout, ex:


<input type="button" value="Log Out" onclick="document.cookie = 'mvalue'+window.location.pathname+'=';">

There is no guarantee users will log out that way. That is why I say, don't use this script on anything other than data that it is OK if it falls into the hands of unauthorized folks, because, no matter what you do, it will.