PHP cookie handling in I.E., mozilla destroys cookie, while IE doesnt seem to |
PHP cookie handling in I.E., mozilla destroys cookie, while IE doesnt seem to |
kryles |
Apr 7 2008, 09:51 AM
Post
#1
|
Novice Group: Members Posts: 21 Joined: 30-November 07 Member No.: 4,437 |
Hi,
I created a login that allows a user to set a cookie. Then when they logout it destroys the cookie (and session variables). I also have a profile page that checks if the cookie is set, if not you get an error message saying you aren't logged in and if it is displays profile info. I've done the following which results in differently in IE and Mozilla. 1)Login and choose remember (cookie is set). 2)Logout. 3)Go to profile page. Mozilla gives an error message (as it should) and IE displays the users profile (gah!). CODE /* functions */ function checkUserCookie($refreshTo, $refresh) { if(isset($_COOKIE['USER']) && isset($_COOKIE['PASS'])) { /* Cookie is found, check ID and password If both match set SESSION variables and continue to Index */ $safe_id = mysql_real_escape_string(trim(strip_tags($_COOKIE['USER']))); $safe_pass = mysql_real_escape_string(trim(strip_tags($_COOKIE['PASS']))); $query = " SELECT count(*) FROM Customers WHERE custID = '".$safe_id."' AND custPassword = '".$safe_pass."'"; $result = mysql_query($query); $count = mysql_result($result,0,0); if($count == 1) { $_SESSION['auth'] = true; $_SESSION['userID'] = $safe_id; if($refresh === true) { header( "Location: ".URL."/".$refreshTo.""); die(); } } } } CODE /* login */ session_start(); session_cache_limiter('none'); if($_GET['action'] == "login") { /* ..... validation and setting session variables here ... */ if(isset($_POST['remember'])) { setcookie("USER",$_SESSION['userID'],time()+(21 * 24 * 60 * 60),'/'); setcookie("PASS",$password,time()+(21 * 24 * 60 * 60),'/'); } } CODE /* index */ session_start(); session_cache_limiter('none'); if($_GET['action'] == "logout") { setcookie('PASS','',time() - 60*60); setcookie('USER','',time() - 60*60); session_destroy(); header('Location: url/login.php'); } CODE /* Profile.php */ session_start(); session_cache_limiter('none'); checkUserCookie("", false); I've omitted code obviously, but any idead why it would work for one and not the other? |
Darin McGrew |
Apr 7 2008, 11:34 AM
Post
#2
|
WDG Member Group: Root Admin Posts: 8,365 Joined: 4-August 06 From: Mountain View, CA Member No.: 3 |
It's just a guess, but maybe MSIE sees a cookie that expired an hour ago, and just ignores it without checking whether it corresponds to an existing unexpired cookie.
|
kryles |
Apr 7 2008, 11:45 AM
Post
#3
|
Novice Group: Members Posts: 21 Joined: 30-November 07 Member No.: 4,437 |
isn't setting a negative expire time the way to delete a cookie though? How else should I try it, setting the cookie to false maybe
|
Brian Chandler |
Apr 7 2008, 02:14 PM
Post
#4
|
Jocular coder Group: Members Posts: 2,460 Joined: 31-August 06 Member No.: 43 |
isn't setting a negative expire time the way to delete a cookie though? How else should I try it, setting the cookie to false maybe Don't know. But can I assume you've read http://jp2.php.net/manual/en/function.setcookie.php ?? |
Ephraim F. Moya |
Dec 8 2010, 04:49 PM
Post
#5
|
Advanced Member Group: Members Posts: 167 Joined: 2-September 07 From: New Mexico Member No.: 3,702 |
There is NO cache_limiter( 'none' )
cache_limiter is supposed to be BEFORE the start. Have you thought about whether either browser is set to forget cookies when offline? Why use sessions AND cookies? Pick one and stick with it. All header info MUST be set before the page is sent. Can't tell from your postings whether you're doing that or not. This post has been edited by Ephraim F. Moya: Dec 8 2010, 05:39 PM |
Lo-Fi Version | Time is now: 19th April 2024 - 07:52 AM |