CODEWITHSUNDEEP
phpfirefoxcookies
Eae
Eae

Reputation: 4321

PHP cookie removal in FireFox 14.0.1

<?php 

session_start();

$_SESSION['logged_in'] = false;

setcookie("dsgpassword127", $password, time()-3600);  /* expire the cookie */
setcookie("dsgemail127", $email, time()-3600);  /* expire the cookie */

session_destroy();

header("location: index.php");

?>

The code above which works very well in Chrome will not remove the cookies in FireFox 14.0.1. I am wondering why this is, if anyone has experienced the same problem or if there is a solution to this conundrum I am in when it comes to expiring these cookies....

Upvotes: 1

Views: 630

Answers (3)

Eae
Eae

Reputation: 4321

I uninstalled FireFox and reinstalled the latest version which is 15.0. This time when FireFox asked me to remember the password automatically I requested it not do so. Now the browser is reacting normally. I suspect that the same would have been the case also in 14.0.1 in regards to the "Remember password" feature.

Upvotes: 1

David Weinraub
David Weinraub

Reputation: 14184

According the manual for sesion_destroy():

session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. ...If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Hard to explain why Chrome is unsetting the cookie, but it's Chrome's behavior that appears to be aberrant, not that of Firefox.

But the presence of an old cookie pointing to a dead session should not be problematic. The server should create a new session - with empty session data - and send back a cookie pointing to the new session.

In fact, saving unencrypted users and passwords on the client is probably ill-advised. Are you sure you need that? Storing that info on the server-side is probably more common, with the client-side only given his the session cookie.

Upvotes: 1

raidenace
raidenace

Reputation: 12834

Just set the cookie expiration to 1 like so:

setcookie("dsgpassword127", $password, 1);  /* expire the cookie */
setcookie("dsgemail127", $email, 1);  /* expire the cookie */

Basically the third parameter is the number of seconds since epoch. 1 sets it to 1 second after epoch and so there is not need to worry about time() and all. Check if that helps in firefox.

Upvotes: 0

Related Questions