views: 566
answers: 3
Hi, I have a website where the login info is optionally saved in a cookie (a "remember me" checkbox at login). When the user logs out, the value of the authentication cookie won't change to expire the cookie and allow logout.

The system does work correctly in both the dev and staging servers but for some reason will not work on our production server. We are running PHP 5 and Apache on all the servers.

Thanks.

Function to set cookie (minor edits for security):

function setCookieInfo($data, $expiry = 0)
{
    if ($data === false)
    {
        // remove cookie: empty value plus an expiry far enough in the past
        $cookie = false;
        $expiry = 100; // Unix timestamp 100 is in 1970, so the cookie expires immediately
    }
    else
    {
        // serialised payload prefixed with an integrity hash ($XXX elided by the poster)
        $serial = base64_encode(serialize($data));
        $hash = md5($XXX);
        $cookie = $hash . "---" . $serial;
    }

    // no Domain attribute on localhost (browsers do not accept Domain=localhost)
    if ($_SERVER['SERVER_NAME'] == 'localhost')
    {
        $domain = null;
    }
    else
    {
        $domain = '.' . $_SERVER['SERVER_NAME'];
    }

    // the delete only works if name, path and domain match the cookie that was set
    return setcookie('Auth', $cookie, $expiry, $this->controller->base, $domain);
}
+1  A: 

Posting some actual code might help, but I'll hazard a guess that it has something to do with the cookie domain being used.

Peter Bailey
A: 

Assuming you are using the PHP setcookie() function, make sure that the domain and path for the cookie are set correctly. Check PHP's documentation for the function for more information.

I might be able to tell you for sure if I had a little more info. Can you provide any more information without compromising too much about the project? How about the URLs of the dev, staging, and production servers, or at least examples of what they might be like?

Edit

Based upon the info you provided in your comment, I would recommend that you try using HTTP_HOST instead of SERVER_NAME. SERVER_NAME might be giving you a weird value depending upon your virtual server setup. Your path might not be quite right either - try a '/' and it should be available regardless of the subdirectory the user is in.

Also,

$this->controller->base

makes me think that you might be using CodeIgniter or Kohana. If so, you might consider using their cookie helpers.

Brad Gignac
Dev is done as localhost (MAMP running on local machine), Staging is via ip address (no dns mapped to it), Production is via the site name.
JustJon
A: 

Grab a traffic capture (e.g. www.fiddler2.com) of the SetCookie call that is intended to delete the cookie, and ensure that the Domain is valid and the expiration time/value is as expected.

EricLaw -MSFT-
Domain value is as expected, as is expiry.
JustJon
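The following is an added example, not code from the question or any of the answers. It puts together the two suggestions above: derive the cookie domain from HTTP_HOST with path '/' (Brad Gignac's answer), and inspect the resulting Set-Cookie headers to confirm that the delete carries exactly the same domain and path as the original cookie (EricLaw's answer), since a browser only replaces a cookie whose name, domain and path all match. The cookie name 'Auth' comes from the question; the function names, the placeholder token and the request environment are assumptions.

```php
<?php
// Added example (not the asker's code): set and clear the 'Auth' cookie with
// identical path and domain so the browser treats the delete as the same cookie.

function authCookieDomain()
{
    // HTTP_HOST is the name the browser actually used, so the cookie will be
    // sent back; SERVER_NAME may be the canonical vhost name and can differ.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost';
    $host = preg_replace('/:\d+$/', '', $host);            // drop any :port
    if ($host === 'localhost' || filter_var($host, FILTER_VALIDATE_IP)) {
        return '';     // no Domain attribute: host-only cookie for dev/staging
    }
    return '.' . $host;                                    // e.g. .www.example.com
}

function authCookieSecure()
{
    // only mark the cookie Secure when the request itself arrived over TLS
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

function setAuthCookie($value, $expiry)
{
    // path '/' makes the cookie visible regardless of the sub-directory;
    // HttpOnly (PHP >= 5.2) keeps it out of reach of page scripts
    return setcookie('Auth', $value, $expiry, '/', authCookieDomain(),
                     authCookieSecure(), true);
}

function clearAuthCookie()
{
    // same name, path and domain as setAuthCookie(), empty value, past expiry
    unset($_COOKIE['Auth']);
    return setcookie('Auth', '', time() - 86400, '/', authCookieDomain(),
                     authCookieSecure(), true);
}

function setCookieHeaders()
{
    // collect the Set-Cookie headers PHP has queued (works from the CLI too)
    $found = array();
    foreach (headers_list() as $header) {
        if (stripos($header, 'Set-Cookie:') === 0) {
            $found[] = $header;
        }
    }
    return $found;
}

// Constructed request environment standing in for the production server;
// SERVER_NAME deliberately differs from HTTP_HOST to show why it is not used.
$_SERVER['HTTP_HOST']   = 'www.example.com';
$_SERVER['SERVER_NAME'] = 'example.com';

setAuthCookie('placeholder-token', time() + 30 * 86400);   // "remember me" login
clearAuthCookie();                                          // logout

foreach (setCookieHeaders() as $header) {
    echo $header, "\n";
}
// Both queued headers carry path=/ and domain=.www.example.com, so the second
// replaces the first in the browser. A delete sent with a different domain
// (for example one built from SERVER_NAME) would leave the original cookie in place.
```

Run it with `php` on the command line and compare the two Set-Cookie lines field by field; that is the same check a traffic capture gives you, without needing a browser. Because the delete only takes effect if the browser honours it, logout should also invalidate the remember-me token on the server side so that a copy of the old cookie value is no longer accepted.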