[Resolved] Cookies Causing Probs

TheMayhem

I have decided to use a php session + cookie based site from previously just using cookies. So here are my main parts.

$user = mysql_fetch_array(mysql_query("SELECT * FROM user WHERE username='".addslashes($name)."'"));
setcookie("cookieid", $user[id], time()+86400,"/betaf","nodqforums.com");
$_SESSION['uid'] = $user[id];

Logout Remove Session + Cookie

setcookie("cookieid", 0, time()-86401,"/betaf","nodqforums.com");
unset($_COOKIE["cookieid"]);

$_SESSION = array(); 
session_destroy();

So far so good. On that page a person is logged out. Now for my index page basically if a user has a cookie stored I want them to be automatically recognized as login so their settings are saved and so forth. Problem is after logging out that session is destroyed, but if a user types in index.php, the cookie suddenly is still alive. Thus user won't be logged out.

if ($_COOKIE['cookieid'] >= 1) {
$_SESSION['uid'] = $_COOKIE['cookieid'];
}

Any ideas on how to solve?

dalecosp

You do realize that when you call session_start(), PHP sets a cookie automagically, and you really don't need to do so?

Mobius

http://www.hudzilla.org/phpbook/read.php/10_3_1

TheMayhem

Hmm... I have been going about this completely wrong.

I already had all of my pages do the session start function and was saving all sessions to this...

$_SESSION['uid']

My only problem is that session works perfectly fine but I wanted it so if a user closes their browser and an hour later reopens it, they would still be logged in the second they visit any of the pages. Much like how cookies work.

thorpe

for that you will need cookies then.

but I wanted it so if a user closes their browser and an hour later reopens it, they would still be logged in

i thought this was your problem?

but if a user types in index.php, the cookie suddenly is still alive. Thus user won't be logged out.

do you want users auto logged in or not?

TheMayhem

IF a user clicks logout, I want both the session and cookie to be destroyed.

Otherwise when a user comes to the site at any time of the day they are logged in unless they stay inactive for an X amount of time OR they logout. Problem is with the coding I posted above, on the logout it was destroying the session but the cookie somehow still remained alive and well any time right after that page a person would go to the main index.php page.

dalecosp

So something was wrong with the cookie code. One question would be, why are you setting the time parameter when you want to kill the cookie?

Mobius

Wouldn't the cookie expire if you give it a negative time, and therefore expire?

dalecosp

Well, I guess that is the RP. :o

Have we tried setting the cookie value to zero, then calling header() to another page that calls session_destroy() ?:

TheMayhem

Entering a negative worked. Thanks 🙂!