When I want to remove a Cookie I try
unset($_COOKIE['hello']);
I see in my cookie browser from firefox that the cookie still exists. How can I really remove the cookie?
+8
A:
Set the value to "" and the expiry date to yesterday (or any date in the past)
setcookie("hello", "", time()-3600);
Then the cookie will expire the next time the page loads.
Re0sless
2009-03-26 15:02:51
How about setting the time to 0 (the epoch)? =]
strager
2009-03-27 00:00:28
If you put a date too far in the past, IE will bark and igores it, i.e. the value will not be removed.
Julien
2009-03-27 00:04:25
+2
A:
See the sample labelled "Example #2 setcookie() delete example" from the PHP docs. To clear a cookie from the browser, you need to tell the browser that the cookie has expired... the browser will then remove it. unset as you've used it just removes the 'hello' cookie from the COOKIE array.
Jarret Hardie
2009-03-26 15:03:20
+2
A:
If you set the cookie to expire in the past, the browser will remove it. See setcookie() delete example at php.net
Alistair Knock
2009-03-26 15:03:34
+3
A:
That will unset the cookie in your code, but since the $_COOKIE variable is refreshed on each request, it'll just come back on the next page request.
To actually get rid of the cookie, set the expiration date in the past:
// set the expiration date to one hour ago
setcookie("hello", "", time()-3600);
Eric Petroelje
2009-03-26 15:04:00
A:
Thanks so far.
When I login I do:
setcookie("loggedin",true,time()+3600,'/');
And to logout i do
setcookie ('loggedin', false, time() - 4800,'/');
But appearantly when I want to check if I am logged it when I restart my browser I am not logged in. This is the way I check it:
if(isset($_COOKIE['loggedin']) and ($_COOKIE['loggedin'] == true) ){
Is this not the way to check if I am logged in?
Secondly, is there a way to combine cookies with sessions?
sanders
2009-03-26 15:10:49
Good question. I can't recommend strongly enough that you do NOT handle login this way; anyone can create a cookie on their system that gets sent along to your server and, poof!, they'll be logged in. Use a session instead... the login token must reside server-side only, and not be part of a cookie.
Jarret Hardie
2009-03-26 15:21:38
PHP uses cookies to implement a session. A PHP site creates a cookie called PHPSESS that identifies the session object on the server where the user's session info is stored.
Jarret Hardie
2009-03-26 15:22:44
+1
A:
Note that the cookie and the session are completely unaware of each other. They are related, but detached.
Think about the session cookie like a ticket that let's you in and out of a nightclub. If you still have the ticket, but the club is closed you can't get back in. Like wise, if the club is still open but you lose your ticket you can't get in regardless.
Analogies aside, you don't kill a session by "unsetting" the cookie. You can trash the session with session_destroy, or if you want to log a user out just unset values held in the session that indicate that someone is logged in. You can let the browser keep the cookie if you like, it's just a useless ticket.
Tim Whitlock
2009-03-26 23:59:41