cookies

tuf-web_co_uk

hey peeps

i have a script which logs a user in, and sets a cookie (/users/login.php)

$namecookie=$_POST['username'];
setcookie('user', $namecookie, time()+(3600 * 24), "theutherfish.com"); 
$timecookie=time();
setcookie('time', $timecookie);

when logged in the user goes to a control panel, from which they can do numorous things
the user can tell he/she is logged in because of a script at the top of my main page (/index.php)

 <? if ($_COOKIE['user']) {
  echo "welcome $_COOKIE[user]";
  }
  else {
  echo "welcome guest";
  }
  ?>

the user then logs out using a logout script, which is suppose to clear the cookie (/users/logout.php)

<?
setcookie('user', '');
setcookie('time', ''); 
?>

but when they have logged out instead of echoing "welcome guest" at the top of the main page
it still echos "welcome $_COOKIE[user]"

please can someone tell me how to stop this?!

thanks Jon 🙂

OhLordy

You could either unset the cookie instead of setting it to '' or you could change the if condition to
if($COOKIE['user'] && $COOKIE['user']!='')

HTH
Rob

tuf-web_co_uk

hey i tried both things you said

unset($_COOKIE['user']);

and changing the if statement but i still seem to get
"welcome 'user'" instead of "welcome guest"

however on my logout page i have the welcome script loaded on it
and this shows welcome guest
(/users/logout.php) where as viewing the script from (/index.php) shows welcome user

the welcome script is loading from an includes directory (/includes/banner.php)

if this makes any difference

thanks again for the help

Jon

tuf-web_co_uk

now my cookie isnt being sent to the /index.php page but it still says that i am logged on (/users/index.php)

please can someone help?!

matt_4013

To set your cookies:

// Set your cookies (you need to set the path as well as the domain
setcookie("user", $namecookie, time() + 86400, "/", "theutherfish.com");
setcookie("time", time(), time() + 86400, "/", "theutherfish.com");

Then to check them, use this:

// This is quite an insecure way of going about it though, it's piss easy to spoof a cookie
if(isset($_COOKIE['user'])) {

echo "Welcome, ".$_COOKIE['user']."!";
} else {

echo "Welcome Guest!";
}

Then to unset your cookies you need to set the expiry time to a previous date. I use now, minus 1 day, to account for timezones 🙂

// Unset the cookies
setcookie("user", "", time() - 86400, "/", "theutherfish.com");
setcookie("time", "", time() - 86400, "/", "theutherfish.com");

// And just to make sure (this shouldn't make a difference, but it has before, so it's included)
unset($_COOKIE['user']);
unset($_COOKIE['time']);

Hope that helps,
Matt

tuf-web_co_uk

yay, thats like the final nail in the coffin for my little project

thanks very much for your help peeps

worked GrEaT 😃

Jon 🙂