COOKIE Delete mystery

halojoy

<?php

$usa = new UserSession();

// get status
echo $usa->id.' '.$usa->name.' '.$usa->level.'<br />';

// login + status
$name = 'xxxxx'; $pass = 'yyyyy'; $remember = true;
$usa->doLogin($name, $pass, $remember);
echo $usa->id.' '.$usa->name.' '.$usa->level.'<br />';

// logout + status
$usa->doLogout();
echo $usa->id.' '.$usa->name.' '.$usa->level.'<br />';

exit();

?>

I am working with a user session class.
For handling user session and login cookies.
The script above is for testing login and logout with cookie.

Here is my setcookie line.
$code = 40 chars string, SHA1 hash
$this->cooktime = 3600 (1 hour)

setcookie($this->cookname, $code, time()+$this->cooktime);

First I tried this function for delete cookie:

	private function delCookie(){
		if(isset($_COOKIE[$this->cookname])){
			setcookie($this->cookname, '', time()-3600);
			unset($_COOKIE[$this->cookname]);
		}
		return true;
	}

This is very much standard. Used in many codes I have seen.

But every second time I refresh my testscript
it does not work to keep the user logged out!
It kinda toggles the logged in/out status of user .......

So, I have tried to see if I could come up with delete cookie function, that works 100%.

This is what I have found works:

	private function delCookie(){
		if(isset($_COOKIE[$this->cookname])){
			setcookie($this->cookname, '', time()-3600);
			setcookie($this->cookname); //added line to ensure reset cookie
			unset($_COOKIE[$this->cookname]);
		}
		return true;
	}

Can somebody explain why I have to
setcookie() two times, in order for it to work ..... ???

🙂

bradgrafelman

You have to show us the line where the cookie is set in the first place. You can't unset a cookie without knowing exactly how it was set.

halojoy

Here is my setcookie line:

setcookie($this->cookname, $code, time()+$this->cooktime);

$code = 40 chars string, SHA1 hash
$this->cooktime = 3600 (1 hour)

bradgrafelman

Not sure why it wouldn't be deleting them, unless the date/time wasn't set properly on your server (and/or local computer).

halojoy

I think I have got it now.
But Cookies are not very easy to understand.

The problem with using as a test,
if(isset($_COOKIE[$this->cookname])){
is that it does not always sync with the value set in setcookie()
So, when I remove this line, and make an unconditional delete of cookie
then it works.

Also, when setting cookie at login
we can manually set the $COOKIE Array to same value as in setcookie.
This way the $COOKIE[cookiename] is in sync with the intended value of cookie.

This looks like it is working 100%

    // setcookie and set $_COOKIE value
    setcookie($this->cookname, $code, time()+$this->cooktime);
    $_COOKIE[$this->cookname] = $code;


private function delCookie(){
	setcookie($this->cookname, NULL, time()-3600);
	$_COOKIE[$this->cookname] = NULL;
	return true;
}