HELP: Using Cookies for Login

sledgeweb

I'm trying to use cookies for persistent login (that is, the user clicks a checkbox if they want a cookie to remember their login details for their next visit).

After they submit the login form, if they checked the remember box, I do something like this (if there login was correct):

if ($remember == 1)
			{
			$code = md5($pass);
			setcookie ("LoginCookie[name]", $username, time() + 31104000, "", ".url.org"); 
			setcookie ("LoginCookie[code]", $code, time() + 31104000, "", ".url.org"); 
			}

I then set some session variables, and use a header("Location: menu.php") to move them to the menu page.

The problem is, the Cookies aren't really set. If I create an error on the page, so it has to reload, the cookies are set... but obviously, this isn't a workable solution.

I believe it has something to do with cookies being set when headers are passed. For some reason, the cookies aren't set when the header is redirected to the menu page.

How can I get my cookies to really set before moving on to the menu page after verifying the users login details?

Drakla

I use a location change and set cookies and it works for me fine - like

setcookie('user', $name, $cookiePhysLife);
setcookie('eTime', $expires, $cookiePhysLife);
setcookie('checkSum', $myCheckSum, $cookiePhysLife);

header("Location: $_SERVER[SCRIPT_NAME]");
exit;

Just in case you're not doing it, put an exit after the location. Though if your script is visibly relocating the cookie should also be set, but give it a whirl.

sledgeweb

That didn't do anything. I created a simplified test version, and it still doesn't work. Here is the code:

<? 
if (isset($_POST['Submit']))
{
$name = $_POST['name'];
$pass = $_POST['pass'];
$code = md5($pass);
setcookie ("LoginCookie[name]", $name, time() + 31104000); 
setcookie ("LoginCookie[code]", $code, time() + 31104000); 
header("Location: Login2.php");
exit;
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<form name="form1" method="post" action="">
  <p>
    <input name="name" type="text" id="name">
</p>
  <p>
    <input name="pass" type="password" id="pass">
</p>
  <p>
    <input type="submit" name="Submit" value="Submit">
  </p>
</form>
</body>
</html>

Login2:

<? 
print_r($_COOKIE);
?>

And, Login2.php outputs:

Array ( [PHPSESSID] => 841db18b655e85a1055915ae2edfbfb8 )

Why isn't it creating the cookies? Can anyone help?

Erkilite

You might want to check your cookie/privacy settings if you are using IE, i had a similar problem and had to add my testing server as a trusted site for cookies to work, not sure why.

You might also want to empty your cache, just an idea.

sledgeweb

I've tried with IE and FireFox.

I can only get a cookie to set if I don't redirect, and if I hit the refresh button after submitting the form.

sledgeweb

OK, after some research, I think the problem is with IIS. Apparently it strips cookies from the heads. Renaming the php.exe file nph-php.exe is supposed to fix that, but doesn't seem to work.

Now, it DOES work, if instead of using header("Location: page2.php"), I use header("Refresh: 0; URL=page2.php"). The problem with this is, it actually refreshes the page and you see it for a second before going to the next page. I can't let it do that, because it will confuse the user. So... any more ideas on how to get around this problem?