Cookies not overwritten, just added
After a long search to find the same basic steps at random forums, I decided it is time to post. And this forum seems to cover all the programming topics I might require, so here we go:
I have a Linux server running PHP hosting a site with multiple users logging in to the system. Of course, their info needs to be kept separately. So, I use a combination of session variables for current logins and cookies for returning users. Cookies also keep the SESSIDPHP value more secure. I have been noticing a problem only recently that users are logged out at random...and also logged in "mysteriously" even after pressing the logout link. Firefox suddenly will not let users log out, as if the session has not ended; IE8 logs them out at random, but will log them back in on other URLs without the user logging in.
My investigation shows no changes made recently to the files, and as a point of order, the file included to make the cookies is the same for all URLs on the domain. Yet, some pages in IE will be logged out, others will log {back} in automatically. In Firefox, this is less common, but a user simply cannot log out. {This is a problem for those with multiple accounts.} Also keep in mind that this happens even when cookies have been removed. All of these are able to be circumvented if sessions are destroyed and variables set (or unset) when the user clears out cookies from the browser(s). I can add code to the logout link function to do that. However, if the user does not remove cookies, the log in/out problems remain. The logout function does include a redirect header back to the main page where they "should" no longer be logged in to the system.
In Firefox and IE, the cookies are obviously getting added without issue using code:
$cookie_timeout=3600;
setcookie("cookie_v1", "goodval", time()+$cookie_timeout, "/");
Assuming this cookie needs a valid value to keep them logged in, I should be able to either expire the cookie out, or change the value to indicate they are no longer logged in so the next loading of the page kicks them out.
The problem I think is causing the issues is that "changing these cookies on logout" is not changing the cookie but adding a new one. If I call the function to change the value or the expiration (or both) like this:
setcookie("cookie_v1", "badval", time()-$cookie_timeout, "/");
I get two cookies. The old one is still there for the future that will keep them logged in because cookie_v1="goodval" still for this copy of the cookie...then later in the list, the new one that is expired and bad. Because it is expired, it will be removed later by the browser leaving the one that shows them still logged in. I need to change the original cookie, not add more copies of the same cookie. But either method will work, set to bad value or expire so no cookie is present. I have tried variations as well to change the cookie as follows:
setcookie("cookie_v1");
setcookie("cookie_v1", "badval");
setcookie("cookie_v1", "badval", 1, "/");
setcookie("cookie_v1", "badval", 1);
setcookie("cookie_v1", "", time()+$cookie_timeout);
setcookie("cookie_v1", "", time()-$cookie_timeout);
setcookie("cookie_v1", "goodval", time()-$cookie_timeout, "/");
setcookie("cookie_v1", "goodval", time()-$cookie_timeout, "/",".mydomain.com");
etc...
I also made sure that if a path or domain was included in the creation, all modification of that cookie included the same path and domain. In all cases, a new cookie was made with my new values, but the old one remains unchanged. Would anyone please help?
I guess I need to find out the answers to these questions to solve the problem.
In what order does a browser use multiple cookies with the same name and same path/domain? First one, last one,???
Can you change more than one cookie setting in the same call from the original values? For example, can I modify both the value and expiration when I reset the cookie? (However, I did experiment with only changing one at a time...to no help.)
Is there a setting that allows you to overwrite a cookie instead of making new ones in a file like .htaccess or php.ini similar to the "php_value session.use_only_cookies 1" line that I may be missing?
What else can cause a cookie not to update assuming the above are all okay?
Thank you to anyone who responds or suggests an idea. I hope that is enough detail to focus on the problem. Any help will be appreciated. Thank you.
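Added example, not part of the original post: a simplified JavaScript model of the browser cookie store described in RFC 6265, where a stored cookie is replaced or removed only when name, domain and path all match, and a request can carry several cookies with the same name. The host www.mydomain.com, the request paths and the CookieJar class are assumptions made for illustration.

```javascript
// Simplified model of a browser cookie store (RFC 6265 sections 5.3 and 5.4).
// CookieJar, the host name and the request paths are constructed for illustration.
class CookieJar {
  constructor() { this.cookies = []; this.seq = 0; }
  // No Path attribute: the cookie is scoped to the directory of the request URL.
  static defaultPath(reqPath) {
    const i = reqPath.lastIndexOf("/");
    return i <= 0 ? "/" : reqPath.slice(0, i);
  }
  // attrs mirrors setcookie()'s optional arguments: { expires, path, domain }.
  set(reqHost, reqPath, name, value, attrs = {}, now = 1000) {
    const domain = (attrs.domain || reqHost).replace(/^\./, "").toLowerCase();
    const path = attrs.path || CookieJar.defaultPath(reqPath);
    const expired = attrs.expires !== undefined && attrs.expires <= now;
    // A stored cookie is replaced or deleted only if name, domain AND path match.
    const i = this.cookies.findIndex(
      c => c.name === name && c.domain === domain && c.path === path);
    const old = i >= 0 ? this.cookies.splice(i, 1)[0] : null;
    if (!expired) {
      this.cookies.push({ name, value, domain, path, hostOnly: !attrs.domain,
                          created: old ? old.created : this.seq++ });
    }
  }
  // Cookie header for a request: longer paths first, then older cookies first.
  header(reqHost, reqPath) {
    const pathOk = c => reqPath === c.path ||
      reqPath.startsWith(c.path.endsWith("/") ? c.path : c.path + "/");
    const hostOk = c => reqHost === c.domain ||
      (!c.hostOnly && reqHost.endsWith("." + c.domain));
    return this.cookies.filter(c => hostOk(c) && pathOk(c))
      .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
      .map(c => `${c.name}=${c.value}`).join("; ");
  }
}

function demo() {
  const jar = new CookieJar(), host = "www.mydomain.com";
  jar.set(host, "/login.php", "cookie_v1", "goodval", { expires: 4600, path: "/" });
  // Expiry sent with a Domain the login cookie never had: nothing is removed.
  jar.set(host, "/logout.php", "cookie_v1", "", { expires: 1, path: "/", domain: ".mydomain.com" });
  const afterDomainMismatch = jar.header(host, "/index.php");
  // No path, sent from /account/: a second cookie scoped to /account is stored.
  jar.set(host, "/account/logout.php", "cookie_v1", "badval");
  const twoCookies = jar.header(host, "/account/home.php");
  // Same name, host-only domain and path as the login cookie, expiry in the past.
  jar.set(host, "/account/logout.php", "cookie_v1", "", { expires: 1, path: "/" });
  return { afterDomainMismatch, twoCookies, afterMatch: jar.header(host, "/index.php") };
}
```

The model skips Secure, HttpOnly, public-suffix checks and expiry of stored cookies over time; it covers only the matching and ordering rules relevant to the questions above.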