[RESOLVED] Cookie help..

[Jaquio]

Alright, heres the thing.. I have a login function working fine with cookies.. But when I logout it doesn't actually log you out.. The cookies are still there..
Could someone tell me how to make a logout functions?

PHP Code:

//This function logs you out
function logOut()
{
session_unregister('usercook');
session_unregister('passcook');
session_unregister('username');
session_unregister('password');

unset($usercook, $passcook, $username, $password);
session_destroy();

    echo "<B>$fontString You are now being logged out</b><bR><bR>";
    //echo "<a href=main.php>Click here to return to the login menu</a>";
    echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3; URL=main.php\">";
} 


That is my logout function.. I have tried everything to remove the cookies an the values an whatnot.. Please someone help..

[john tindell]

You need to set the cookie expire time to one that has already past.
From: http://uk2.php.net/setcookie

PHP Code:

Example 2. setcookie() delete example
<?php
// set the expiration date to one hour ago
setcookie ("TestCookie", "", time() - 3600);
setcookie ("TestCookie", "", time() - 3600, "/~rasmus/", ".example.com", 1);
?>

[visualAd]

Alright, heres the thing.. I have a login function working fine with cookies.. But when I logout it doesn't actually log you out.. The cookies are still there..
Could someone tell me how to make a logout functions?

PHP Code:

//This function logs you out
function logOut()
{
session_unregister('usercook');
session_unregister('passcook');
session_unregister('username');
session_unregister('password');

unset($usercook, $passcook, $username, $password);
session_destroy();

    echo "<B>$fontString You are now being logged out</b><bR><bR>";
    //echo "<a href=main.php>Click here to return to the login menu</a>";
    echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3; URL=main.php\">";
} 


That is my logout function.. I have tried everything to remove the cookies an the values an whatnot.. Please someone help..

You are using sessions. Which is better than cookies anyway. Rather than using session_unregister(), use the $_SESSION array and unset the variables you no longer need.

PHP Code:

unset($_SESSION['usercook']);
unset($_SESSION['passcook']);
unset($_SESSION['username']);
unset($_SESSION['password']); 


As to why your session variables are not being unset, have ensured that a call to session_start() has been made before calling session_unregister()?

[Jaquio]

You are using sessions. Which is better than cookies anyway. Rather than using session_unregister(), use the $_SESSION array and unset the variables you no longer need.

PHP Code:

unset($_SESSION['usercook']);
unset($_SESSION['passcook']);
unset($_SESSION['username']);
unset($_SESSION['password']); 


As to why your session variables are not being unset, have ensured that a call to session_start() has been made before calling session_unregister()?

That still didn't work.. I am not sure what I am doing wrong...

[visualAd]

After unsetting them, do some debugging:

Code:

print_r($_SESSION);

What does that print?

[Jaquio]

Hmm, it prints this

Before I clear:Session:Array ( [UserCook] => MyUser [PassCook] => MyPass )
After I clear:Session:Array ( )

if I refresh the page they both say "Array ( )", but if I go back to the main login page, the values are still there.. Any idea?

[visualAd]

Try doing a print_r($_SESSION) at the beginning of the login page too. If this is empty, then it means the values are coming from somewhere else. The fact the refreshing the page shows an empty array, means that the sessions are functioning properly.

[Jaquio]

Try doing a print_r($_SESSION) at the beginning of the login page too. If this is empty, then it means the values are coming from somewhere else. The fact the refreshing the page shows an empty array, means that the sessions are functioning properly.

All values are empty on the login page, the values come back when I and/or someone else presses the back button on their browser.. Would removing a session on one page, also stop the other session if you were to say, go back? If so.. Why is it that when I login, the values are set, I logout they are unset but if I press the back button I am logged in again.. Any idea?

[visualAd]

You should not be logged in again. If after pressing the back button you press Ctrl+F5, it will update properly. The browser caches the page, you cna stop this however by sending cache control headers. There are some examples here: http://www.php.net/header

[Jaquio]

You should not be logged in again. If after pressing the back button you press Ctrl+F5, it will update properly. The browser caches the page, you cna stop this however by sending cache control headers. There are some examples here: http://www.php.net/header

Even if I go back an refresh the page, the values are still there.. Why? I think I MAY have found my problem but am not sure how to fix it.. See, this is the way I have it setup..

PHP Code:

session_start();
$UserCook = $Username;
$PassCook = $Password;
session_register("UserCook");
session_register("PassCook"); 


The $Username an $Password come from a form input box.. Would coming back to the login page, reset the values from the input box into the session settings? If so.. That is my problem.. How would I fix this is, if it is?

[Jaquio]

*BUMP*

Any idea, anyone?

[visualAd]

You've answered your own question, you are resetting the variables in the login page.

[Jaquio]

Yes, but how do I fix that? Any ways I try, they get set back no matter what..

[visualAd]

Don't set them

You only want to set them if the user name and password were sent? Correct? so?

PHP Code:

if (isset($_POST['Password'], $_POST['Username'])) {
    $UserCook = $_POST['Username'];
    $PassCook = $_POST['Password'];
    session_register("UserCook");
    session_register("PassCook"); 
} 


[Jaquio]

That still doesn't fix my problem.. See, lets say you logout? What would stop the user from being able to be logged back in, if he/she were to press the back button on their browser? Because if you go back, no matter what I do the values are always set back to what they were.

[penagate]

I dont see the issue.

- User Logs out. Session destroyed. Cookie deleted.
- User clicks "Back"
- Page will appear as if they are logged in. Normal browser behaviour when going back.
- User tries to do somethiing that requires being logged in. Error, because they're not actually logged in.

The issue you describe could only occur if you are not properly deleting the auto login cookie and so the user is being logged back in. John explained how to delete cookies in the very first reply.

So which bit exactly is going wrong?

[visualAd]

When you click the back button you may be presented with a message which asks if you want to resens the posted data. If you click yes, the user name and password will be sent again, logging the user in.