Thread: Cookie problem

  1. #1
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193

    Cookie problem

    Hi,
    i have 2 functions, one sets the cookie and other clears it.
    PHP Code:
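        function setCookie($uName,$uPass,$remember)
        {
            // Pack user name, password value and remember flag into one cookie value
            $value = $uName.'|@|'.$uPass.'|@|'.$remember;
            setcookie('u',$value,time()+(60*60*24*360),DIRROOT.'/');
            return TRUE;
        }
        function clearCookie()
        {
            // Expire the cookie, using the same path it was set with
            setcookie('u','',time()-36000,DIRROOT.'/');
            return TRUE;
        }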
    Now, as per logic, this should work and logout the user (it uses session and cookie both, it first clears the session and then clears the cookie)

    but the problem is, its not clearing the cookie. i tested in IE and FF, both showing the same thing, it means something is wrong in my functions, but i cant figure out what it is.

    can you please tell me what am i doing wrong?
    ---------------------------
    Errors = Improved Programming.
    My Site

  2. #2
    SitePoint Evangelist nsj's Avatar
    Join Date
    Oct 2005
    Location
    Jamaica (W.I)
    Posts
    447
    I am not seeing anything wrong with the clearCookie function. Maybe it's the way you call it?

    Why don't you print the value of the cookie right before the function's RETURN TRUE, or browse for the cookie itself and see the contents of it? This can be done from the Tools, Options, Privacy menu in FF 1.5.

    Also, when testing for the cookie, instead of checking whether the cookie exists, check the particular contents of the cookie.

    Good Luck!

  3. #3
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Well, i did, it's not clearing the cookie.
    i tried to change its value and tried to expire it by time()-3600,
    it's just not clearing up,

    i call the login page like
    http://www.domain.com/myproject/my/l...o=login&p=auth

    and i call the logout page like
    http://www.domain.com/myproject/my/l...=logout&p=auth


    Just Now, i tried calling the redirect page directly like
    http://www.domain.com/myproject/my/l...uth/logout.php

    and it did work

    What do you think is wrong with calling and including the page in the first call??
    ---------------------------
    Errors = Improved Programming.
    My Site

  4. #4
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    I always use header('Location: ' . $destination); after destroying a session. The change in a cookie or session usually won't take place until the next page the user requests.

  5. #5
    SitePoint Zealot
    Join Date
    May 2003
    Location
    Midwest
    Posts
    100
    I would verify that your static variable of DIRROOT has the value you think it does in it first.

    Second I have found IE and firefox tend to be picky so when unsetting cookies I like to make sure I get every browsers attention.

    <?php
    setcookie('login','',0);
    setcookie('securehash','',0);
    setcookie('shorthash','',0);
    setcookie('login','',time() - 999999,"/","$cookiedomain");
    setcookie('securehash','',time() - 999999,"/","$cookiedomain");
    setcookie('shorthash','',time() - 999999,"/","$cookiedomain");
    setcookie('login','');
    setcookie('securehash','');
    setcookie('shorthash','');
    ?>
    Cyberlot Technologies Group
    FlashUnity - PHP Based Flash communications server
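
Added example (not from any poster in this thread): a small PHP model of how a browser stores cookies, illustrating the advice above to verify DIRROOT. A cookie is identified by name, domain and path together, so an expiring setcookie() only removes the entry whose path matches the one used at login; the host name and both paths below are constructed.

```php
<?php
// Minimal model of a browser cookie store (RFC 6265, section 5.3).
final class CookieJar
{
    /** @var array<string, array{name: string, value: string}> */
    private array $store = [];

    // Apply one Set-Cookie instruction the way a browser would.
    public function receive(string $name, string $value, int $expires, string $path, string $domain): void
    {
        // Identity of a stored cookie: name + domain + path.
        $key = json_encode([$name, strtolower($domain), $path]);
        if ($expires !== 0 && $expires <= time()) {
            unset($this->store[$key]);   // past expiry evicts the exact match only
            return;
        }
        $this->store[$key] = ['name' => $name, 'value' => $value];
    }

    // True while any cookie with this name is still stored.
    public function has(string $name): bool
    {
        foreach ($this->store as $cookie) {
            if ($cookie['name'] === $name) {
                return true;
            }
        }
        return false;
    }
}

// Constructed values: the host and both paths are hypothetical.
$jar = new CookieJar();
$jar->receive('u', 'constructed-value', time() + 86400, '/myproject/', 'www.example.test');

// Logout sent with a different path (DIRROOT resolved differently): cookie survives.
$jar->receive('u', '', time() - 36000, '/myproject/my/auth/', 'www.example.test');
var_dump($jar->has('u'));

// Logout sent with the same path and domain used at login: cookie is removed.
$jar->receive('u', '', time() - 36000, '/myproject/', 'www.example.test');
var_dump($jar->has('u'));
```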


  6. #6
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    I don't like the idea of putting passwords in a cookie in the first place. You should seriously consider putting private information in a session variable instead of sending it back and forth with each request. Moreover, I've never found a valid reason to store the password anywhere outside the "member" table in the database at all once a user has logged in. Instead, I set $_SESSION['logged_in'] = true and use expirable tokens and server-generated "security code" images to authenticate the user when he tries to modify application data.

  7. #7
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    a.dotty.dot, i am redirecting the user after logging out, but thanks for the suggestion, i'll check that too, in case redirection is not working properly. it is working as far as i know, but i'd check it again

    and cyberlot, thanks for letting me know, i'll put all the possible options to clear that cookie,

    but it's still weird, it clears the cookie (with the same code), if i refer to the page directly.
    BUT, if i include it, it doesn't work
    ---------------------------
    Errors = Improved Programming.
    My Site

  8. #8
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Quote Originally Posted by a.dotty.dot
    I don't like the idea of putting passwords in a cookie in the first place. You should seriously consider putting private information in a session variable instead of sending it back and forth with each request. Moreover, I've never found a valid reason to store the password anywhere outside the "member" table in the database at all once a user has logged in. Instead, I set $_SESSION['logged_in'] = true and use expirable tokens and server-generated "security code" images to authenticate the user when he tries to modify application data.
    The password is encrypted, and it's not just the encrypted password, it's encrypted after concatenating a secret string like
    sha1(sha1($password).$secStr);

    So, even if they decrypt it, they wont get the password, and the string is totally different for all users and it has characters in it, which if copied and pasted, wont work.

    But, point taken. the cookie is only used if the user checks the "Remember Me" option, which states they don't want to register every time, and they understand the password will be stored in the cookie, same like sitepoint (i think).
    ---------------------------
    Errors = Improved Programming.
    My Site
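
Added example (not code from the thread or from SitePoint): one common way to implement "Remember Me" with a random, expirable token, so that no password-derived value is kept in the cookie and logout can revoke it server-side even if the browser keeps the cookie. The in-memory $tokens array stands in for a database table, and all function names are hypothetical.

```php
<?php
// Issue a token: the cookie gets "selector:validator", the server keeps only a hash.
function issueRememberToken(array &$tokens, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));    // public lookup key
    $validator = bin2hex(random_bytes(32));   // secret half, never stored in clear
    $tokens[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;      // value to place in the cookie
}

// Validate a cookie value; returns the user id or null.
function checkRememberToken(array &$tokens, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($tokens[$parts[0]])) {
        return null;
    }
    $row = $tokens[$parts[0]];
    $ok = $row['expires'] > time()
        && hash_equals($row['hash'], hash('sha256', $parts[1]));  // constant-time compare
    unset($tokens[$parts[0]]);   // single use; also dropped on a failed check
    return $ok ? $row['user_id'] : null;
}

// Logout: invalidate every remembered login for this user on the server.
function revokeRememberTokens(array &$tokens, int $userId): void
{
    foreach ($tokens as $selector => $row) {
        if ($row['user_id'] === $userId) {
            unset($tokens[$selector]);
        }
    }
}

// Constructed demo data (user id 42 is hypothetical).
$tokens = [];
$cookie = issueRememberToken($tokens, 42);
var_dump(checkRememberToken($tokens, $cookie));   // first use of the cookie
var_dump(checkRememberToken($tokens, $cookie));   // replay of the same cookie
$cookie = issueRememberToken($tokens, 42);
revokeRememberTokens($tokens, 42);
var_dump(checkRememberToken($tokens, $cookie));   // cookie presented after logout
```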

  9. #9
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    JR,

    Gotcha. I use a JavaScript MD5 implementation in the onsubmit() handler for my login form. The password is never transmitted in the clear.

  10. #10
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Quote Originally Posted by a.dotty.dot
    JR,

    Gotcha. I use a JavaScript MD5 implementation in the onsubmit() handler for my login form. The password is never transmitted in the clear.
    Nice, do you have some kind of demo for me to see
    you made me curious
    ---------------------------
    Errors = Improved Programming.
    My Site

  11. #11
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    just thought about it, i dont think its possible in my situation, as after submitting the password, i get the information from database and then encrypt the password with the string in DB.

    do you have any suggestions for this situation??
    ---------------------------
    Errors = Improved Programming.
    My Site

  12. #12
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    Quote Originally Posted by jaswinder_rana
    Nice, do you have some kind of demo for me to see
    you made me curious
    Check your PMs. It's on a K6-2/450 (the one I'm posting from, in fact) so don't expect amazing performance.

  13. #13
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    Quote Originally Posted by jaswinder_rana
    just thought about it, i dont think its possible in my situation, as after submitting the password, i get the information from database and then encrypt the password with the string in DB.

    do you have any suggestions for this situation??
    Both the submitted password and the one stored in the database must be MD5 hashed before the validation comparison occurs. Comparing an MD5 hashed password to the actual clear text password, for example, would cause the login to fail.

  14. #14
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    I understand, i mean i use it like this

    sha1(sha1($pass).$str);

    $str is extracted from DB when user is validated. if i encrypt the password, then it'll encrypt it again and then it wont match.

    hmm... i think i have to create another function and one more function parameter might do

    thanks
    ---------------------------
    Errors = Improved Programming.
    My Site

  15. #15
    SitePoint Addict
    Join Date
    Nov 2005
    Posts
    327
    I can't remember where I got the MD5 JavaScript, but the same guy has client-side scripts for SHA1, base64_encode, and a few others. Well worth Googling up.

  16. #16
    Umm. PHP Guru....Naaaah jaswinder_rana's Avatar
    Join Date
    Jul 2004
    Location
    canada
    Posts
    3,193
    Thanks, i really appreciate it and i got it working.

    thank you everybody and specially a.dotty.dot, for the great tips and help you provided.
    ---------------------------
    Errors = Improved Programming.
    My Site

