VERY Strange ??

Anon

Hello all,

On my web site I use to delete the cookie on the logout option. In logout function I have written the statemens below :

setcookie ("cookie_of_user");
setcookie ("cookie_of_user", "", time() - 3600);
setcookie ("cookie_of_user", "", time() - 3600, "/");
header ("Location: index.php");

it was working fine but now I have started receving complains from some of our users. they saying that they can enter into the secured pages even after logging out and on the secured pages they found the value of $cookie_of_user=deleted , On everypage I have writen a script to check wheather the cookie is empty or not like..

if ($cookie_of_user=="")
{
header ("Location: index.php");
exit;
}

but if it found $cookie_of_user=deleted then it will allow to enter . So my question is "where this value"deleted" is comming from ?? and what is the solution ??

Any Idea ?? I will be thankful if anybody hels me out.

Thanx in anticipation

Tabish

van__

if ($cookie_of_user=="")
{
header ("Location: index.php");
exit;
}

is quite different than
$cookie_of_user="deleted"

which nicely explains why your users are still able to access the 'secured' areas after 'logging out'.

And I haven't the slightest idea where in your code that may be coming from.
Perhaps you should change your detection script to something like:

if (($cookie_of_user=="") || ($cookie_of_user=="deleted"))
{
header ("Location: index.php");
exit;
}

as a quick fix while you hunt down your real problem.

Anon

yeah you are right Van because it is a BUG in PHP .. you can take a look for more details..

http://www.geocrawler.com/lists/3/Web/5/0/7731998/

Thanx for your help buddy ..

Regards
Tabish