SkillShare - A place to discuss Web Standards and Web Design topics

    • verb
    • Dec 21st 2006 (edited)
    Hi,

    I'm trying to delete this cookie, but I can't seem to find out what I'm doing wrong here. Any ideas?

    This is the code for index.php (I removed some irrelevant parts to make it as short as possible):


    <?
    // Include config.php which has $admin_username and $admin_password in it
    require_once "config.php";

    if (isset($_COOKIE['verb_admin']) && $_COOKIE['verb_admin'] == md5($admin_password)) {

        // Get variables from URL
        $pri = strtolower($_GET['pri']);
        $sec = strtolower($_GET['sec']);
        $ter = strtolower($_GET['ter']);

        if ($pri == "logout") {
            setcookie("verb_admin", "", time()-60000); // This is where it goes wrong, I guess
        } else {
            $logout_button = "<a href=\"/admin/uitloggen/\">Uitloggen</a>"; // Make logout button
        }

    } else { // Display login form

        if ($_SERVER['REQUEST_METHOD'] == "POST") {

            $login_username = stripslashes($_POST['login_username']);
            $login_password = stripslashes($_POST['login_password']);

            if ($login_username == $admin_username && $login_password == $admin_password) {
                setcookie("verb_admin", md5($login_password), time()+(31*86400));
                header("Location: /admin/");
            } else {
                $error = "Wrong username or password.";
            }
        }

        $title_output = "Login | ".$sitename;

        $body = "<h2>Login</h2>\n\n";
        if ($error) { $body .= "<p class=\"error\">$error</p>\n\n"; }
        $body .= "<form action=\"/test/\" method=\"post\">\n";
        $body .= "<ol>\n";
        $body .= "<li><label for=\"login_username\">Username</label>\n";
        $body .= "<input type=\"text\" name=\"login_username\" id=\"login_username\" size=\"30\" maxlength=\"80\" value=\"$login_username\"></li>\n";
        $body .= "<li><label for=\"login_password\">Password</label>\n";
        $body .= "<input type=\"password\" name=\"login_password\" id=\"login_password\" size=\"30\" maxlength=\"80\" value=\"$login_password\"></li>\n";
        $body .= "</ol>\n";
        $body .= "<div><input type=\"submit\" value=\"Send\"></div>\n";
        $body .= "</form>\n";

    }
    ?>
    <html>
    <head>
    <title><?=$title_output?></title>
    </head>
    <body>
    <?=$body?>

    <div id="footer"><?=$logout_button?></div>
    </body>
    </html>


    This is the code in my .htaccess ($pri is used to see if the user wants to log out, in this case):

    RewriteEngine On
    RewriteRule ^([a-zA-Z0-9\_]+)/([a-zA-Z0-9\_]+)/([a-zA-Z0-9\_]+) index.php?pri=$1&sec=$2&ter=$3
    RewriteRule ^([a-zA-Z0-9\_]+)/([a-zA-Z0-9\_]+) index.php?pri=$1&sec=$2
    RewriteRule ^([a-zA-Z0-9\_]+)/$ index.php?pri=$1
    RewriteRule ^([a-zA-Z0-9\_]+)$ index.php?pri=$1
    RewriteRule ^(.*)$ index.php [QSA]
    • ziyphr
    • Dec 22nd 2006
    Ensuring a cookie is removed in all cases needs a bit of testing. The classic problem is people have 2 cookies - www.domain.com and domain.com, and logging out only gets rid of one. We had some problems with this so I changed the logout code to cover all cases - including removing any temp sessions.

    if (isset($_COOKIE['verbaarschot_admin'])) {
        setcookie("verbaarschot_admin", '', time()-42000,'/','.domain.org.uk');
        setcookie("verbaarschot_admin", '', time()-42000,'/','www.domain.org.uk');
        setcookie("verbaarschot_admin", '', time()-42000,'/','domain.org.uk');
        setcookie("verbaarschot_admin", '', time()-42000,'/');
        unset($_COOKIE['verbaarschot_admin']);
    }
    @session_destroy();
    setcookie(session_name('PHPSESSID'), '', time()-42000,'/','.domain.org.uk');
    setcookie(session_name('PHPSESSID'), '', time()-42000,'/','www.domain.org.uk');
    setcookie(session_name('PHPSESSID'), '', time()-42000,'/','domain.org.uk');
    setcookie(session_name('PHPSESSID'), '', time()-42000,'/');
    @session_destroy();
    header("Location: http://your_index_page");

    Shorter versions may be more elegant but this worked for me.
    • verb
    • Dec 23rd 2006
    Hey ziyphr,

    I've given it a try with the code you provided, but when I click the logout button I'm still not logged out... :-(
    • ziyphr
    • Dec 24th 2006
    Assume you replaced my domain.org.uk with yours.

    Try var_dump($_COOKIE) in your header to make sure your details are in fact still there after clicking logout. Personally speaking I'd not use .htaccess at all here to keep it all in the PHP code.

    Also try testing it by changing setcookie to have a lower time, i.e. time()+200.
    • brent3721
    • Feb 4th 2008
    If the file that set the cookie is in a sub-directory (such as /files/ for instance) then you need to replace '/' in the above example with "/files/" or it won't work in Safari. Took me forever to figure that out...

    brent
    @
    mimoymima.com
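
The login and logout steps from this thread, written so that both use one set of cookie attributes (the domain and path points made in the replies above) and so that logout also invalidates the value on the server instead of only asking the browser to forget it. This is an added example, not code from any of the posters. The `/` path, the token file location and the function names are assumptions, and the options-array form of `setcookie()` needs PHP 7.3 or later.

```php
<?php
// Added example, not from the thread. Names and paths are assumptions.
const AUTH_COOKIE = 'verb_admin';

// Hypothetical store for the hash of the current token. Use a private
// directory or a database in a real deployment, never the web root.
function token_file(): string {
    return sys_get_temp_dir() . '/verb_admin.token';
}

// One attribute set for both setting and expiring the cookie: a browser only
// overwrites a stored cookie when name, domain and path all match.
function auth_cookie_options(int $expires): array {
    return [
        'expires'  => $expires,
        'path'     => '/',   // explicit, so it never defaults to the request directory
        'secure'   => true,  // sent over HTTPS only
        'httponly' => true,  // not readable from JavaScript
        'samesite' => 'Lax',
    ];
}

// Call after the username and password have been verified.
function login(): void {
    $token = bin2hex(random_bytes(32)); // random, not derived from the password
    file_put_contents(token_file(), hash('sha256', $token), LOCK_EX);
    setcookie(AUTH_COOKIE, $token, auth_cookie_options(time() + 31 * 86400));
}

function is_logged_in(): bool {
    $stored = @file_get_contents(token_file());
    $sent   = $_COOKIE[AUTH_COOKIE] ?? '';
    return is_string($stored) && $stored !== '' && is_string($sent)
        && hash_equals($stored, hash('sha256', $sent)); // constant-time compare
}

// Call before any output, since setcookie() sends a header.
function logout(): void {
    @unlink(token_file()); // server side: a copied cookie value stops working
    setcookie(AUTH_COOKIE, '', auth_cookie_options(time() - 3600));
    unset($_COOKIE[AUTH_COOKIE]); // the rest of this request sees it as gone
}
```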