PHP - Cookie isn't working?

Question

Why can't I delete this Cookie?

When a user logs in authenticate_user() is run. When the user logs out logout() is run. When the class is run status is generated via update_status().

How do I kill the status cookie? No matter what I try it exists and the user cannot log out.

[CODE REMOVED]

Solved it.

When deleting a cookie you must specify what directories the cookie can access.

Not Deleted
setcookie("status", "", (time()+3600), '/');
setcookie("status", "", (time()-3600));

Deleted
setcookie("status", "", (time()+3600), '/');
setcookie("status", "", (time()-3600), '/');

Answer 1

This is a bit of a grey area.

First thing of note is that you are trying to delete the cvookie by setting its expiry to an hour ago - but what time zone is your script running in? And what time zone is the client in?

Also, I've seen behaviour which seems to be explained by browsers hanging on to cookies when the expiry time is subsequently set to a date in the past (long in the past - not a timezone thing).

The mere presence of a cookie should NEVER be treated as evidence of authentication - this should be a handle to data stored serverside. So the solution is to overwrite the VALUE of the cookie to a nonsense value - not change its expiry time.

Answer 2

Try this instead...

setcookie("status", "", time()-3600, "");

Answer 3

Is status a session cookie? If it is then $_COOKIE['status'] won't exist.

Use session_destroy() to remove it, make sure you have session_start() at the top of the page first though (this is probably why your having problems with sessions not working).