I created a login that allows a user to set a cookie. Then when they log out it destroys the cookie (and session variables). I also have a profile page that checks if the cookie is set; if not, you get an error message saying you aren't logged in, and if it is, it displays profile info.
I've done the following, which gives different results in IE and Mozilla.
1) Log in and choose remember (cookie is set).
2) Log out.
3) Go to profile page.
Mozilla gives an error message (as it should) and IE displays the user's profile (gah!).
CODE
/* functions */
function checkUserCookie($refreshTo, $refresh)
{
    if(isset($_COOKIE['USER']) && isset($_COOKIE['PASS']))
    {
        /* Cookie is found, check ID and password
           If both match set SESSION variables
           and continue to Index
        */
        $safe_id = mysql_real_escape_string(trim(strip_tags($_COOKIE['USER'])));
        $safe_pass = mysql_real_escape_string(trim(strip_tags($_COOKIE['PASS'])));
        $query = " SELECT count(*)
                   FROM Customers
                   WHERE custID = '".$safe_id."' AND custPassword = '".$safe_pass."'";
        $result = mysql_query($query);
        $count = mysql_result($result,0,0);
        if($count == 1)
        {
            $_SESSION['auth'] = true;
            $_SESSION['userID'] = $safe_id;
            if($refresh === true)
            {
                header( "Location: ".URL."/".$refreshTo."");
                die();
            }
        }
    }
}
CODE
/* login */
session_start();
session_cache_limiter('none');
if($_GET['action'] == "login")
{
    /* ..... validation and setting session variables here ... */
    if(isset($_POST['remember']))
    {
        setcookie("USER",$_SESSION['userID'],time()+(21 * 24 * 60 * 60),'/');
        setcookie("PASS",$password,time()+(21 * 24 * 60 * 60),'/');
    }
}
CODE
/* index */
session_start();
session_cache_limiter('none');
if($_GET['action'] == "logout")
{
    setcookie('PASS','',time() - 60*60);
    setcookie('USER','',time() - 60*60);
    session_destroy();
    header('Location: url/login.php');
}
CODE
/* Profile.php */
session_start();
session_cache_limiter('none');
checkUserCookie("", false);
I've omitted code obviously, but any idea why it would work for one and not the other?
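
As an added example, not part of the original post: a remember-me scheme that puts a random token in the cookie instead of the password and revokes it server-side at logout, so the profile check fails even if a browser keeps sending the old cookie. It assumes PHP 7.3+; the cookie name, the function names and the in-memory `$store` (standing in for a database table) are hypothetical.

```php
<?php
// Added example (not from the post). $store is an in-memory stand-in for a
// database table keyed by selector; all names here are hypothetical.
const REMEMBER_COOKIE = 'REMEMBER';
const REMEMBER_TTL    = 21 * 24 * 60 * 60; // 21 days, as in the post

// Same path/flags for setting and for expiring, so the browser matches the cookie.
function cookieOptions(int $expires): array
{
    return ['expires' => $expires, 'path' => '/', 'httponly' => true,
            'secure' => true, 'samesite' => 'Lax']; // 'secure' assumes HTTPS
}

// Login with "remember": store only a hash of the random validator.
function issueRememberToken(array &$store, string $userId): string
{
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $store[$selector] = ['user' => $userId, 'hash' => hash('sha256', $validator),
                         'expires' => time() + REMEMBER_TTL];
    return $selector . ':' . $validator; // cookie value; contains no password
}

// Profile page: returns the user ID, or null if the token is unknown or expired.
function checkRememberToken(array $store, string $cookie): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $row = $store[$parts[0]];
    if ($row['expires'] < time()) {
        return null;
    }
    return hash_equals($row['hash'], hash('sha256', $parts[1])) ? $row['user'] : null;
}

// Logout: revoke server-side, so a cookie the browser still sends is useless.
function revokeRememberToken(array &$store, string $cookie): void
{
    unset($store[explode(':', $cookie, 2)[0]]);
}

// Constructed demo. In a web request, login would call
// setcookie(REMEMBER_COOKIE, $value, cookieOptions(time() + REMEMBER_TTL)) and
// logout setcookie(REMEMBER_COOKIE, '', cookieOptions(time() - 3600)).
$store  = [];
$cookie = issueRememberToken($store, '42');
var_dump(checkRememberToken($store, $cookie)); // token accepted before logout
revokeRememberToken($store, $cookie);
var_dump(checkRememberToken($store, $cookie)); // same cookie rejected after logout
```

A browser only replaces or expires a cookie when the name, domain and path match the ones it was set with, and `setcookie()` without a path argument defaults to the directory of the current request.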