3

I really don't know what the issue is here.

I have a script called "login.php" that works perfectly. It's called with AJAX, and if it returns successfully, the page refreshes and the user is logged in. The cookie is set on that page with

setcookie("main", $row[0], time() + 3600, "/")

Then I have a script called "logout.php". It is called the same way (AJAX and then page refresh). It only has two lines:

<?php
    setcookie("main", "", time() - 3600, "/");
    echo "Done";
?>

Calling it form the page wasn't working, so I just loaded logout.php in the browser. The output was "done" but checking my cookies in Chrome showed me that the cookie was still set to "1" (which was $row[0]) and to expire at the time set in login.php.

login.php and logout.php are both in the same folder, the root directory, which is the same folder as everything else.

Earlier, this was working, but the only changes I've made are to make the title bar on the website its own file (still in the root directory) and to take the JavaScript functionality for the Logout button, which is just an AJAX call and some jQuery hover effects, and make it its own script file, which is in the _js folder. But I didn't change logout.php at all, so it should still work when I navigate directly to it, right? Is there something wrong with my setcookie command, or what other problem could be causing it?

EDIT: I tried setting it to expire in 100 seconds instead of -3600, and then tried changing its name so I could recognize it as a totally separate cookie. Neither of them made it show up. The cookie simply isn't getting set at all.

EDIT 2: I reverted to the last commit, and everything is working again. I don't know why reorganizing my site by creating some new files (logout.php isn't changed at all) makes a certain script unable to create cookies.

Andrew Latham
  • 5,982
  • 14
  • 47
  • 87
  • Are you sure you're calling on the same domain? Maybe you set the cookie on www.domain.com and you want to remove it on domain.com? – Ata S. Apr 17 '12 at 16:07
  • I set them both on "/", so it should be the same thing, right? They're both in the same folder. – Andrew Latham Apr 17 '12 at 16:09
  • No it is the path, the domain may be different. If you set the cookie on www.domain.com than it wouldn't be accessible from domain.com though pratically they are the same domain, but in theory not. So if you set domain in like www.domain.com/login.php, than the logout php script must be called from www.domain.com/logout.php not domain.com/logout.php – Ata S. Apr 17 '12 at 16:10
  • I copied setcookie verbatim, so I think the domain is implicit, meaning it should be the same for both, unless I'm mistaken. – Andrew Latham Apr 17 '12 at 16:12
  • Also could you try -1 and just time() instead of time()-3600? It's not logical but maybe there's a bug. Btw, check Chrome's Developers Tools's Network section and see if your logout.php is actually is called or not. Here is some example screenshot from Network of Developers Tools of Chrome: http://goo.gl/dxCCI – Ata S. Apr 17 '12 at 16:14

1 Answers1

3

Cookies must be set before any content goes to the client. Make sure you haven't sent anything to the client before calling a setcookie as it's actually a Set-Cookie header coming back through the request.

Something as little as a space in an include file can ruin this. (You said you worked on other files, check that nothing being included has anything such as a debug echo or whitespace outside of your <?php ... ?> brackets)

As a general rule of thumb, if I have a file that is exclusively PHP code I only include the opening tag (<?php) and exempt the last one. PHP will still parse and run, but this avoids any whitespace at the end of the file that may become problematic. e.g.

mycodefile.php

<?php

  define('...', ...);

  function ...(){ }

Also, you mentioned using chrome. Open your debugger in chrome (ctrl+shft+i) and click the Network tab. Then find your logout call and select it, then click Headers and verify your cookie is being cleared. (likewise you can click Resources and look under Cookies to view any set.

Brad Christie
  • 100,477
  • 16
  • 156
  • 200
  • Yes I agree, if there are space or new line characters before – Ata S. Apr 17 '12 at 16:08
  • logout.php is just those two lines, so I don't think that anything has been sent to the client before setcookie is called if I navigate directly to that page. There aren't any blank spaces, just a tab before the setcookie. – Andrew Latham Apr 17 '12 at 16:08