Cookies are killing me!

mrwilder

Ok, I'm lost.
I read everything I could find in here and elsewhere about cookies, but, uh, don't seem to understand the solution.
I want to use cookies to track "logged in" users, and want them to be able to "log out" (without having to close their browser, and without having to hit "refresh") as well.
To set the cookie (this works) I use the following on the "log in" page :
<?php
if (!($user==""))
{
setcookie ("EEUID", $user, 0, "/", "www.employersemail.com", 0);
}
if (!($pass==""))
{
setcookie ("EEPWD", $pass, 0, "/", "www.employersemail.com", 0);
}
?>

Now, on the "log out" page I currently have:
<?php
setcookie("EEUID", "" , time()-1000000 , "/", "www.employersemail.com", 0);
setcookie("EEPWD", "" , time()-1000000 , "/", "www.employersemail.com", 0);
?>
The script starts on the first line of the file, with no leading spaces- sometimes it seems like no cookie is being sent at all, as I have set MSIE to "prompt" before receiving cookies and it's not saying "do you want to accept this cookie?" on the "log out" page. On the other hand, if I hit "refresh", the cookie IS gone!
Both the "log in" and "log out" page are in the SAME directory ("/signin", to be exact).
I've also tried everything else under the sun I could think of, including trying it in a few different languages. Yes, I read the documentation where it says "Cookies will not become visible until the next loading of a page that the cookie should be visible for." ; but my cookies are being set correctly on the"log in" page!

In this case, I am using php3, not 4.

I'm not proud, if somebody wants to tell me exactly what I need to do here, that would be just great... otherwise, anybody have a clue? It needn't be an exclusively php solution...

Thank you for your time.

Anon

to remove a cookie, just do

setcookie("EEPWD");

that will remove it rather than forcing it to expire as you are. i think it is expiring on the first page but after php already imports the value... then on the second page it is gone.

mrwilder

Thanks, I tried that.
The first line of my "sign out" page now reads:
<?php
setcookie("EEUID");
setcookie("EEPWD");
?>
but it doesn't work.

I'm not quite sure what you mean by "it is expiring on the first page but after php already imports the value"... but it sounds good!

You can see the effect of my attempt at this use of cookies at http://www.employersemail.com/myaccount ... if you type in any name (whoever) and password (whatever), any of the three pages at "Account Tools", "Find Employment", or "Find Employees" will thereafter offer you a choice to "log out 'whoever'", which SEEMS to indicate that a temporary cookie HAS been set.

Unfortunately, if you click on one of the "sign out whoever" links (which takes you to the 'setcookie("EEUID");' page)... the cookies still seem to be set to "whoever" and "whatever".

Surely scores of people have used cookies for this very purpose... anybody got a couple of pages with some exact code I can peruse?

I guess I should redo this with sessions... but it sure would be nice not to rewrite these pages and learn the correct way to do this with cookies.

nileshn

I am not sure why cookies are not being set. But as regards the refresh part, I think you must be using POST function for login. So when you refresh, it possibly doesn't have the value of $user and knocks off the cookie. Try using GET instead. If it works, you will have to do something for the POST thing.

Nilesh

mrwilder

Hi, thanks a lot for taking the time to try to help me out.

The thing is, the POST operation from the sign in form works... as I can verify by looking at my cookie.txt file.

It's only when I try to expire or delete the cookie that the operation fails.

The sign in form posts $user and $pass to signin.php3 which immediately calls
<?php
if (!($user==""))
{
setcookie ("EEUID", $user, 0, "/", "www.employersemail.com", 0);
}
if (!($pass==""))
{
setcookie ("EEPWD", $pass, 0, "/", "www.employersemail.com", 0);
}
?>

which works, as verified by special cookie generated tags on the other pages and by looking at my cookie file (see http://www.employersemail.com to see the exact pages in question, if you wish). It expires correctly when I shut the browser window, as well.

However, when the user tries to log out, he/she will be sent to signout.php3, which immediately calls:
<?php
setcookie("EEUID", "RESET" , time()-1000000 , "/", "www.employersemail.com", 0);
setcookie("EEPWD", "RESET" , time()-1000000 , "/", "www.employersemail.com", 0);
//setcookie("EEUID");
//setcookie("EEPWD");
//I also tried ten thousand other things
?>

but the "special cookie generated tags" are still visible on the pages, and the cookie is not updated in my cookie.txt file.

The cookie FAQ at http://www.cookiecentral.com/faq/#6.2 clearly states that:
"The two main steps to clearing a cookie you have created are:

1.Set the cookie's value to null.
2.Set the cookie's expiration date to some time in the past."

and furthermore that
"The reason you must do both is that simply setting the expiration to a past time will not change it's value until the browser is closed. That is, all cookie names, values, expirations, etc are resolved once the browser program has been closed. Setting the cookie to null allows you to properly test for the cookie until that resolution. "

Now, I believe I am attempting to call this header correctly with my code, but obviously I am not.

Thank you very much for your help... any other ideas?

mrwilder

ARRGH!

I should have said that among other things, I've tried all these to expire the cookie:

<?php
setcookie("EEUID", "" , time()-1000000 , "/", "www.employersemail.com", 0);

setcookie("EEUID", null , time()-1000000 , "/", "www.employersemail.com", 0);

setcookie("EEUID");

setcookie("EEUID", "garbage", time()-1000000 , "/", "www.employersemail.com", 0);

setcookie("EEUID", "", 0);

//and more

?>