cookie bug

djkanebo · Jun 9, 2003

hi all

i have this code which checks if a cookie has been set to "admin". If it has then the admin user can see the page, else access to the page is refused.

When someone logs out, the cookies are set to "" and time()-3600. This works fine when I operate my software on localhost.
When I put it onto the server though, the cookie does not seem to get cleared. It is as if it is being set somewhere else.

Is there something I have to do to the server?

Here is my code that does the reset,

==========================================

<?php

global $HTTP_GET_VARS;
$status = $HTTP_GET_VARS["status"];
echo "STATUS = $status<br>\n";

if($status=="logout")
{
	setcookie("userCookie", "", time()-3600);
	//$_COOKIE["userCookie"] = "";
	echo "ZZZ";
	echo $_COOKIE["userCookie"];
	//$_COOKIE["usernameCookie"] = "";
}

?>

==========================================

HELP!!

p.s. The code above works fine on localhost but not on server... anyone got a clue?

ereptur · Jun 9, 2003

try changing your cookie code to this

if($status=="logout") 
{ 
setcookie("userCookie"); 
$_COOKIE = array();
echo "ZZZ"; 
echo $_COOKIE["userCookie"]; 
}

djkanebo · Jun 10, 2003

Afraid that didn't work!

The cookie usercookie is initally unset. When i use a login feature, the usercookie is set to "admin" at a successful login. This leads to an admin functions page. Obviously i dont want people to be able to access admin pages without being logged in so there is a logout button which resets cookies to "".

When the logout button is pressed, we go back to the login screen and the cookie value is echoed as "".

But the problem arises when someone re-enters the URL of the admin page in the address bar. This loads (which it shouldnt!) and the value of the cookie is magical set back to "admin". There is no code in the script that does this!!!

Can anyone help? Are cookies duplicated on the server perhaps?? Any ideas??

djkanebo · Jun 10, 2003

someone must have had this problem before!?

anyone solves this and i will post them the money for a pint!!

jimson · Jun 11, 2003

em... tell me which version of php your server host use.

use phpinfo() to get the information. incase u dont know.
if < 4.1.0 then use $HTTP_COOKIE_VARS

laserlight · Jun 11, 2003

If you delete a cookie specifying the expiry time, then you must have set it specifying the expiry time.

Sometimes you'll have to refresh your browser to check though, as the page might be cached.
It would also be good to delete your cookies so that there would be no interference if your implementation was wrong at the start.

maniac1aw · Jul 3, 2003

I am you have solved this by now.... anyways this happened to me

DOES NOT WORK:

setcookie ("cookie", "", time()-3600);

DOES WORK:

setcookie ("cookie","",time()-3600,"/",getenv("HTTP_HOST"));

epitomy · Jul 4, 2003

Not sure if you resolved this or not, but it is interesting to note that IE 5.5+ require the domain aspect of the cookie to be set ... and different security configurations of IIS can also cause cookies to not be able to be set.

I had experienced this problem with PHP Nuke on Win 2k Adv, PHP 4.3.2, and ended up rebuilding the server as I couldn't track down the exact policy that was causing the problem.

For me, the cookies were getting set in Mozilla based browsers, but not IE.

Food for thought
~Steve

djkanebo · Jul 4, 2003

unfortunately this still won't work. This has to be the weirdest problem i have ever came across!! The code i have written works on the localhost but fails as soon as it is uploaded onto the web server!

Thanks for your efforts in helping me to try and reolve this problem but so far they have been unsuccessful

Has anyone else got any ideas??

What exactly do you mean you had to do by rebuilding your server to fix the problem... i don't like the sound of that!!!

laserlight??? maniaclaw???? epitomy??????

help!!!!!!!

cookie bug

Ddjkanebo

==========================================

Eereptur

Ddjkanebo

Ddjkanebo

Jjimson

laserlight

Mmaniac1aw

Eepitomy

Ddjkanebo