Bizarre Cookie Problem

Boyer · March 17, 2008, 7:28pm

Hi all,

I’ve been having a heck of a time trying to get my cookies set with setcookie() to delete…
I had them deleting properly if I would exclude the path and domain arguments, but with them, they will set but not unset.

I have tried changing the time for the expiring cookie from -1, to -3600, to -960000. I’ve tried combinations of including or not including the path or domain… Nothing seems to work. I’m totally stumped.

This is happening on both IE and Firefox…

Here is the code I am using:

[code]// Checks the password with DB or else error time!
if($_POST[“password”] == “$password”) {

		// This sends a cookie to tell the browser to delete itself when browser closes.

			if (isset($_POST["logout"])) {
				// Should have $cookie_path in this cookie, but it won't work yet.
				$cookie_path="/";

				setcookie("aid", "", time()-960000, "/", ".example.net", 0);
				setcookie("password", "", time()-960000, "/", ".examplenet", 0);
				mysql_query("UPDATE ".$COUNT_TBL["visitors"]." SET host=' ".$userinfo["id"]." ' WHERE ip = '$REMOTE_ADDR' ") or die(mysql_error());

           header("Location: index.php");

			} else {
				// This sends a cookie that stays valid for one year
				$cookie_path="/";
				setcookie("aid", "$userinfo[id]", time()+3600*24*365, "/", ".example.net", 0);
				setcookie("password", "$encrypted_password", time()+3600*24*365, "/", ".example.net", 0);
				mysql_query("UPDATE ".$COUNT_TBL["visitors"]." SET host='".$userinfo["id"]."' WHERE ip='$REMOTE_ADDR' ") or die(mysql_error());

        header("Location: index.php");
			}

		} else {
			header("Location: login.php?error=2");
		}
}

}[/code]

Zyppora · March 18, 2008, 8:33am

Any timestamp in the past (time()-10) should work to remove a cookie, or invalidate it. What’s important in removing cookies is that all parameters, sans the value (and the timestamp of course) are the same as the ones they were set with.

Boyer · March 19, 2008, 8:04pm

Hey, Thanks for the reply. I’m well aware that that is how cookies are supposed to behave. Is there something in my code to suggest I have not done just that? If there is, I cannot see it…

Except for the accidental typo I made in the domain name. Both would be “example.net”.

Am I supposed to not include the place holder for the value? ie:

setcookie("aid", time()-3600, "/", ".example.com", 0);

Zyppora · March 20, 2008, 9:24am

No, you should always use placeholders for unused parameters, unless there are no more used parameters and all following parameters are optional (meaning they default to some value). I’m thinking using the correct domain name is mandatory, but I haven’t been able to test that. Are you sure your browser allows cookies? I presume the setcookie() function returns TRUE?

Boyer · March 20, 2008, 2:08pm

Yes, setcookie() returns true, and the browser(s) definitely have cookies enabled.

Like I said above, the cookies that start the session will set fine, but the cookies that close the session will NOT set… Unless I remove all the additional paramaters.

So if I set (or unset) the cookies like this:

setcookie("aid", "blah", time()+3600*24); setcookie("aid", "", time()-3600);

everything works properly. When I add the path and domain, they will set, but not unset. The domain is correct in my implementation of course.