问题
In my login script, if a user select 'remember me' it sets cookie like this:
setcookie("a", $valuea, time()+2595000, "/");
setcookie("b", $valueb, time()+2595000, "/");
and when a user (with 'remember me') select logout, the logout.php script unset cookie by the following way:
if(isset($_COOKIE['a']) && isset($_COOKIE['b'])){
setcookie("a","", time()-2595000, "/");
setcookie("b","", time()-2595000, "/");
setcookie(session_id(),"",time()-2595000, "/");
}
However, after logout the user is redirected to login page and login page checks the user login status by the following code:
if($_COOKIE['a']=='' || $_COOKIE['b']==''){
echo 'You are not logged in.';
}else{
echo 'You are logged in with remember me.Your cookie is: '.$_COOKIE['a'].' and '.$_COOKIE['b'];
}
But I found that user is not logged out and cookie is showing with value. I am not finding why the setcookie is not clearing the value of cookie a and b. Any idea?
回答1:
You can use session also:
Like This in the remember me function:
session_start();
$_SESSION['a'] = "valuea";
$_SESSION['b'] = "valueb";
And in the logout function:
session_unset();
session_destroy();
header("login.page")
And for checking in the login page:
if(!isset(@_SESSION['a']) && !isset($_SESSION['b'])){
echo "You are not logged in.";
}
else{
echo "You are logged in with " . $_SESSION['a'] . 'and' . $_SESSION['b'];
}
回答2:
Atlast I found the problem. Actually in real code, what was happening, I was checking $_COOKIE just after deletion in the same logout page (not after redirecting to login page). I forgot that the cookie is sent by the browser and if you do not go to next page, changes in cookies will not be visible to you. So, if you try this in logout.php:
//deletion of cookies
if(isset($_COOKIE['a']) && isset($_COOKIE['b'])){
setcookie("a","", time()-2595000, "/");
setcookie("b","", time()-2595000, "/");
setcookie(session_id(),"",time()-2595000, "/");
}
//checking the existence of cookies
if($_COOKIE['a']=='' || $_COOKIE['b']==''){
echo 'You are not logged in.';
}else{
echo 'You are logged in with remember me.Your cookie is: '.$_COOKIE['a'].' and '.$_COOKIE['b'];
}
Then it will give you false information. Although the cookies are deleted, but you will see "You are logged in ..................." because cookies which was get by php in logout.php will remain in the php memory until user moves to next page. If you check the existence of those cookies in next any page, then you will see there is no cookie (those were really deleted.)
My question is to all experts, is there any way to cross-check whether the cookies are really deleted in the same page after deletion?
回答3:
To clear your cookies upon logout, set them by only passing the cookie name, no values.
Like this:
setcookie('a');
setcookie('b');
setcookie(session_id());
回答4:
The right way to delete cookies is to set expiration date to past time and leave value empty as shown below. Browser will automatically delete such cookie. This example is also discussed on "Example #2 setcookie() delete example"
Using unset($_COOKIE['a']) will not work since it will only delete cookie value in the array, and it will appear again next time the page is loaded. And hence changes will not effect value in the browser.
<?
setcookie("a", "", time() - 3600);
?>
来源:https://stackoverflow.com/questions/27763145/cookie-is-not-unsetting