Hello everyone,
I'm working on a site with a login system. When you login, you have the option to set two cookies ($_COOKIE['username'] && $_COOKIE['password']).

On the main page is this code -



if(!isset($_SESSION['username'])) {
if(isset($_COOKIE['username'])) {
header('location:http://localhost/fldrstudios/Login/LoginCookie');
}
}


If they're not logged in, but they have the cookie, it redirects them to a page to verify their username and password and log them in (the password is hashed).

For some reason, when I point the header location to any file within fldrstudios/ IE9 says the page cannot be displayed. (it works fine if I point it to something like google)

This is the code used to set the cookies -



if(isset($_POST['remember'])) {
$user = $_SESSION['username'];
$pass = $_SESSION['password'];
setcookie('username', $user, time()+60*60*24*1000, '/');
setcookie('password', $pass, time()+60*60*24*1000, '/');
}


Can anyone think of a reason why it'd be doing this?

Is the issue that you aren't ending the single quote?:


header('location:http://localhost/fldrstudios/Login/LoginCookie');

Nope, sorry about that (must have acidentally done it while making my post (it's fine on the actual page))

There is definetely something else that's wrong...

Could they be in an infinite loop? Do you have the redirect code on the page they are redirected to as well?

Oh..... oops! *FACEPALM* Do you know why that'd cause that kind of error?

and one more completly unrelated question (I don't want to have to start a new thread)

How do I delete cookies?
I've tried -


if($_COOKIE['username']) {
echo '1';
setcookie("username", "", time() - 3600);
}
if($_COOKIE['password']) {
echo '2';
setcookie ("password", "", time() - 3600);
}

An infinite loop will result in never being able to display the page ;)



Deleting cookies can't be done literally, so you do what you're doing-- set it to a blank value and to a past time so that the browser clears it automatically.

You also cannot set a cookie for the current page load. It only works after the headers are sent, and therefore won't update while you're running the PHP this time. It'll be reset when the next page loads.

If you want to pretend you've already changed the cookie, then you need to edit the $_COOKIE array. For example, $_COOKIE['name'] = ''; Or unset().


If you want to pretend it can do it in real time and assume that the browser will accept the cookie (most will, but not all) you can do this:
<?php
function setcookielive($name,$value='',$expire=0,$path='',$domain='',$secure=false,$httponly=false) {
//set a cookie as usual, but ALSO add it to $_COOKIE so the current page load has access
$_COOKIE[$name] = $value;
return setcookie($name,$value,$expire,$path,$domain,$secure,$httponly);
}
?>

I need to do in on the page, because on the page it redirects to, it checks whether the cookie has been removed (I did what I posted before, and it's not removing the cookies). Can you use unset() on cookies?

What you are trying to do is impossible. PHP does NOT set cookies until it sends headers, after which you cannot send more headers or check the results. The browser will only send the new cookie data back on a new request.

You cannot use unset, no. That's for variables, not cookies.


If you want to simulate setting cookies in real time while assuming that it will work, you can use the function in my last post.


This is frustrating and can make cookies hard to deal with. But, no, you simply can't do this.


One option would be to redirect to an intermediate page that would be processed separately and decide where to redirect next. But you'd need that extra request in there.

But there is another problem that I keep saying! The code in one of my first posts IS NOT deleting the cookie anyway. I can't work out what I'm doing wrong with it???

Here's the coding for the two pages -

login.php


<?php
session_start();
if($_SESSION['username']) {
unset($_SESSION['username']);
}
if($_SESSION['password']) {
unset($_SESSION['password']);
}
if($_SESSION['email']) {
unset($_SESSION['email']);
}
if($_SESSION['permissions']) {
unset($_SESSION['permissions']);
}
if($_SESSION['lastLogin']) {
unset($_SESSION['lastLogin']);
}
if($_COOKIE['username']) {
echo '1';
setcookie("username", "", time() - 3600);
}
if($_COOKIE['password']) {
echo '2';
setcookie("password", "", time() - 3600);
}
header('location:Message/messageinbetween.php');
?>

messageinbetween.php


<?php
echo $_COOKIE['username'] . '<br />';
echo $_COOKIE['password'] . '<br />';
echo $_SESSION['username'] . '<br />';
echo $_SESSION['password'] . '<br />';
echo $_SESSION['email'] . '<br />';
echo $_SESSION['permissions'] . '<br />';
echo $_SESSION['lastLogin'] . '<br />';
?>

That's page still prints the cookies username and password (they're not being deleted!)

Hm. That's strange. What if you don't use the redirect. Do it manually. Maybe your browser isn't sending new cookie data with the second request after the redirect. I'm not sure what's going on there.


A small note. You should use isset() rather than just if($var).


if($_COOKIE['username']) {
should be:
if(isset($_COOKIE['username'])) {

That's more precise and will work regardless of the value of the cookie. If the value is 0 or something similar to that, the plain if($var) method might fail.

YYYYYYYYYYYYYYYYEEEEEEEEEEEEEEEEEEEESSSSSSSSSSSSSSS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(I fixed it)

I changed

setcookie("password", "", time() - 3600);
to

setcookie("password", "", time() - 3600, '/');

to make it work throughout the entire directory's and now it works fine?:confused:

Thanks for all your help djr33!

Oh, right. If you're doing that in a subdirectory, it will only work there and in contained directories.
Same for subdomains if that's relevant for you. (And HTTPS.)

Thanks for all the help you've givin me!
Keyboard1333