I'm building an autologin system using cookies, but one fundamental part of the functionality of the cookies fails: they are non-persistent over different sessions - or even pages! In my login script, I set the cookies like this:

setcookie('userID', $userID, time()+86400); // (edited after replies)

$userID has a value.
Then I print the $_COOKIE variable and it says array(['base_usid'] => 1); So that's good, but when I click the home page and print the $_COOKIE variable there, it says NULL.
Does anyone see the problem?

+3  A: 

Cookies should have a time value for how long they should stay... Check http://php.net/manual/en/function.setcookie.php

In other words, change it to: setcookie('userID', $userID, time()+86400); to make it stay for a day for example.

Pino
Yes, you're right. I should actually add an expiration time, as I want the cookies to survive a browser restart. However, in this case, the cookies don't even stay as long as one page refresh. I tried the expiration time, but it doesn't solve the problem.
RemiX
+2  A: 

Cookies need an expiration time. Otherwise they are by default destroyed when a user closes his browser.

Ben Fransen
+2  A: 

Try this instead

setcookie("userID", $userID, time()+3600);

This will last for an hour. Make the number bigger to have it last longer.

To unset / remove it, change the plus + to a minus -

:)

Tim
You're assuming that the user has an accurate clock and is in the same time zone as whatever the page is serving up. It's best to use the epoch date of 1970-01-01 00:00:00 for trying to unset cookies. It's highly unlikely a user with a bad clock will be hitting the page within the first second of booting up.
Marc B
A: 

If it's still not working after you've set an expiry time (and you've checked the clocks on server and client are correct) then have you checked that the cookie is being sent? Sounds like the problem with 'headers already sent'. Which would also imply you have a problem with error reporting / logging.

C.

symcbean
Headers are sent by the Zend Framework, I don't know much about it, but I would think it should do it correctly. Error reporting is E_ALL ^ E_NOTICE, so that should report errors with headers if there were any.
RemiX
Does that mean you haven't checked if the cookies are sent from the server?
symcbean
A: 

Do you want to learn how to build CMS systems and login managers, or do you want to build an app...? Hate to do this, but my answer is: don't build your own login system. Instead, go grab some framework like CodeIgniter, Kohana, or even Drupal or Joomla. If you are building a login system as a learning experience to understand how cookies work/etc, then fine... go ahead... as long as you don't plan on putting it into some production site. Otherwise, grab a well tested framework and use it.

Zak
I'm using the Zend Framework, but after a quick search, I find that Zend does not have a built-in login system: you have to build one yourself (indeed with the help of some classes). All pages I found described how to build a login system, not how to use the built-in one (probably because there is none). As for the safety, Zend does have some classes for authorization, but I think they all, except for Drupal, require some hand-made coding.
RemiX
A: 

Aah, I've learned something new about cookies :) They have a path and they are only available on that path (the directory they were created in). I created the cookies on /user/login, and then tried to read them on /news/index. Won't work.
In the past I used to build websites with all files in just one folder (I know it's bad), so I didn't know of this cookie property. Sorry, I should have read the manual better...
Thanks for your help!

P.s.: Typing print_r($_COOOKIE); won't speed up debugging. :(

RemiX
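
The path scoping described in the last answer, as an added example that is not part of the original thread: it applies the default-path and path-match rules of RFC 6265 (section 5.1.4) to the two URLs mentioned, and sets the cookie with an explicit path of `/`. The helper names, the sample `$userID` value and the `httponly`/`samesite` options are assumptions added here; the options-array form of `setcookie()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Path a browser assigns to a cookie set without a Path attribute.
function defaultCookiePath(string $requestPath): string
{
    if ($requestPath === '' || $requestPath[0] !== '/') {
        return '/';
    }
    $lastSlash = strrpos($requestPath, '/');
    // Only the leading slash present: the default path is "/".
    return $lastSlash === 0 ? '/' : substr($requestPath, 0, $lastSlash);
}

// True when a cookie scoped to $cookiePath is sent with a request for $requestPath.
function pathMatches(string $requestPath, string $cookiePath): bool
{
    if ($requestPath === $cookiePath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    // A prefix match only counts on a "/" boundary ("/user" must not match "/userx").
    return substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

$userID = 42; // constructed sample value

// Explicit path "/" makes the cookie available site-wide.
// Called before any output, so the Set-Cookie header can still be sent.
setcookie('userID', (string) $userID, [
    'expires'  => time() + 86400,
    'path'     => '/',
    'httponly' => true,   // assumption: the cookie is not needed by client-side script
    'samesite' => 'Lax',  // assumption: no cross-site POST needs this cookie
]);

// Cookie created on /user/login without a path, as in the question.
$scoped = defaultCookiePath('/user/login');
foreach (['/user/profile', '/news/index'] as $request) {
    printf(
        "%-14s sent with default path %s: %s | sent with path /: %s\n",
        $request,
        $scoped,
        var_export(pathMatches($request, $scoped), true),
        var_export(pathMatches($request, '/'), true)
    );
}
```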