cookie set but system not read

**runrunforest** · Dec 1, 2008 22:29

Hi,

I am working on user cookie and session, I set cookie after user login so they don't have login again within 45 minutes.

Upon testing, I close the browse then open it again, go to user section, i have to login again, which not what i wanted.

**Raju Gautam** · Dec 1, 2008 22:55

Can you please show how you have done so far for setting the cookie? Is it server where you have stored the session or in the user's browser? And how you have done retrieving the registered/set cookie in second time?

**runrunforest** · Dec 1, 2008 23:11

My login.php

Code PHP:

if(isset($_SESSION['loggedin']))
{
	$url=URL;
 
	setcookie(active[username], $username, time()+3600,"/",$url);
	setcookie(active[email], $email, time()+3600,"/",$url);
	setcookie(active[password], $password, time()+3600,"/",$url);
 
	if(isset($_POST['ref']))
	{
		header('Location:' . base64_decode($_POST['ref']));
		exit();
	}
	else
	{
		header('Location:'.$url.'account.php');
		exit();
	}
 
}

my user section

Code PHP:

if(isset($_COOKIE['active']))
{	
	$username = $_COOKIE['active']['username'];
 
	$result = mysql_query("SELECT id, username, email, name, land_line, mobile, address, city, region, feedback FROM user WHERE username= ('{$username}') ") or die(mysql_error());
 
	if(mysql_num_rows($result) == 1)
	{
		$rows = mysql_fetch_array($result);
	}
}
else
{
$url=URL;
 
header('Location:'.$url.'login.php');
 
exit();
 
}

**Raju Gautam** · Dec 1, 2008 23:16

Are you sure these lines are not giving any warnings/errors?

PHP Code:


setcookie(active[email], $email, time()+3600,"/",$url);
setcookie(active[password], $password, time()+3600,"/",$url);

I think the keys are to be quoted:

PHP Code:


setcookie("active[email]", $email, time()+3600,"/",$url);
setcookie("active[password]", $password, time()+3600,"/",$url);

**crmalibu** · Dec 2, 2008 00:13

The first step is to make sure the cookies are being sent to the client. Some browsers have addons which can view http headers, which is the best way. You can also just check your cookies and see if it's there, although this only tells you if the browser accepted it. Same goes for typing the following into your browsers address bar

Code:

javascript:alert(document.cookie)

Make sure the browser is not set to delete cookies upon being closed, and disable antivirus software. There's some kinda IE related bug I beleive where cookies may not get set if the http response includes a location header, which you're doing. I've never encountered it but thought id mention it.

**runrunforest** · Dec 2, 2008 01:12

Originally Posted by rajug

Are you sure these lines are not giving any warnings/errors?

PHP Code:


setcookie(active[email], $email, time()+3600,"/",$url);
setcookie(active[password], $password, time()+3600,"/",$url);

I think the keys are to be quoted:

PHP Code:


setcookie("active[email]", $email, time()+3600,"/",$url);
setcookie("active[password]", $password, time()+3600,"/",$url);

error fixed but problem still remains.

I am giving you the source code hope you can help me sort it out

login.php

Code PHP:

<?php
$errors = array();
 
if(isset($_POST['submit']))
{
	$fields = array('email', 'password');
 
	foreach($fields as $field)
	{
		if(!empty($_POST[$field]))
		{
			${$field} = mysql_real_escape_string(trim($_POST[$field]));
		}
		else
		{
			$errors[] = 'you forget '.$field;
		}
 
	}	
	if (isset($email, $password)) 
	{
		$salt = 'hello';
 
		$result = mysql_query("SELECT id, username, activation FROM user WHERE (email = '{$email}' AND password = SHA1('{$password}{$salt}'))")or die(mysql_error());
 
		if (mysql_num_rows($result) > 0) 
		{
			$activation = mysql_result($result, 0, 'activation');
 
 
			if(strlen($activation) < 1)
			{
				$errors[] = 'account not yet activated';
			}
			else if($activation == 1)
			{ // now logged in, creating cookie	
 
				$username = mysql_result($result, 0, 'username');
 
				$url=URL;
 
				setcookie("active[username]", $username, time()+3600,"/");
				setcookie("active[email]", $email, time()+3600,"/");
				setcookie("active[password]", $password, time()+3600,"/");
 
				if(isset($_POST['ref']))
				{
					header('Location:' . base64_decode($_POST['ref']));
					exit();
				}
    			else
    			{
					header('Location:'.$url.'account.php');
					exit();
				}
 
			}
 
		}
		else
		{			
			$errors[]= 'Email or password incorrect';
		}
 
	}
 
}
 
?>

account_section.php

Code PHP:

<?php
 
if(isset($_COOKIE['active']))
{	
	$username = $_COOKIE['active']['username'];
 
	$result = mysql_query("SELECT id, username, email, name, land_line, mobile, address, city, region, feedback FROM user WHERE username= ('{$username}') ") or die(mysql_error());
 
	if(mysql_num_rows($result) == 1)
	{
		$rows = mysql_fetch_array($result);
	}
}
else
{
$url=URL;
 
header('Location:'.$url.'login.php');
 
exit();
 
}
 
?>

my website, you can see how it works from here;
http://translate.google.com/translat...-8&sl=vi&tl=en

email: mymail@gmail.com
password: hellobaby

**runrunforest** · Dec 2, 2008 01:46

Originally Posted by crmalibu

The first step is to make sure the cookies are being sent to the client. Some browsers have addons which can view http headers, .

I've checked the cookies, they are stored in browser

**felgall** · Dec 2, 2008 02:09

Then you need to look at the part of the code that is supposed to read the cookie and log you back in as it must be that part that isn't working.

**runrunforest** · Dec 2, 2008 02:39

Originally Posted by felgall

Then you need to look at the part of the code that is supposed to read the cookie and log you back in as it must be that part that isn't working.

I guess so.

I have been looking at the code for a long time still can not find out what have been done improperly.

**felgall** · Dec 2, 2008 03:26

Have you tried echoing $_COOKIE['active'] to see what it contains?

**Raju Gautam** · Dec 2, 2008 03:29

Originally Posted by felgall

Have you tried echoing $_COOKIE['active'] to see what it contains?

Since $_COOKIE['active'] is the array itself so try to

PHP Code:


print_r($_COOKIE['active']);

rather than echoing.

**runrunforest** · Dec 2, 2008 04:45

I've checked and the value is as expected, which is good.

But the weird behavior still remains

**Raju Gautam** · Dec 2, 2008 05:32

If you have the values while print_ring the $_COOKIE['active'], try to echoing your SQL to see how it looks with the retrieved value:

PHP Code:


$sql = "SELECT id, username, email, name, land_line, mobile, address, city, region, feedback FROM user WHERE username='" . $username . "'";
echo $sql;
$result = mysql_query($sql) or die(mysql_error());

Can you post here the output of print_r($_COOKIE['active'])?

**runrunforest** · Dec 2, 2008 06:05

Originally Posted by rajug

If you have the values while print_ring the $_COOKIE['active'], try to echoing your SQL to see how it looks with the retrieved value:

Can you post here the output of print_r($_COOKIE['active'])?

Ok, here is the result
Array ( [username] => no hot [email] => mymail@gmail.com [password] => hellobaby ) .

http://www.badede.com/login.php try to log in with the id above, then close the browser then open back, open http://www.badede.com/login.php again, it will force you to log in, but dont log in yet, click on the account link (tai khoan) , it will let you go through as if you logged in.

Now you see the problem I was talking about

**felgall** · Dec 2, 2008 12:56

So the problem is with the processing of what was read from the cookie. Having read the cookie you need to redirect to the same page hat logging in goes to once the login is successful.

User Tag List

Thread: cookie set but system not read

Thread Tools

Display

cookie set but system not read

Bookmarks

Bookmarks

Posting Permissions