hey guys
im wondering if i can delete all my website's cookies when user click on logout
because i used this as function to delete cookie but its not functioning properly
setcookie("user",false);
is there a way to delete one domain's cookies in php ?!
make sure you call your setcookie function before any output happens on your site.
also, if your users are logging out, you should also delete/invalidate their session variables.
Cookies are stored on the client's computer, so you can never command them to be deleted. All you can do is set them to expire or overwrite them. If that is not good enough then you would have to inject a malicious trojan on to your users computers in violation of security and local laws to find the cookies relevant to your domain only and then delete those.
Taken from that page, this will unset all of the cookies for your domain:
// unset cookies
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
$past = time() - 3600;
foreach ( $_COOKIE as $key => $value )
{
setcookie( $key, $value, $past, '/' );
}
Even better is however to remember (or store it somewhere) which cookies are set with your application on a domain and delete all those directly.
That way you can be sure to delete all values correctly.
You should be aware of various tracking tools like Google Analytics also use cookies on your domain and you don't want to delete them, if you want to have correct data in GA.
The only solution I could get working was to set the existing cookies to null. I couldn't delete the cookies from the client.
So for logging a user out I use the following:
setcookie("username", null, time()+$this->seconds, "/", $this->domain, 0);
setcookie("password", null, time()+$this->seconds, "/", $this->domain, 0);
Of course this doesn't delete ALL cookies.