0

I have created a PHP and Cookie-based Login and Logout system for the admin page of a WebApp I am working on. Issue is when I refresh the page more than 2 or 3 times when I am Logged In, the Log Out function doesn't work properly, and keeps me "Logged In" if I attempt to load an admin page after I have "Logged Out". I am not certain if this is a browser setting, or something I am coding incorrectly.

Login PHP Code:

setcookie("password","$thepassword");

Logout PHP Code:

unset($_COOKIE['password']);

setcookie('password', null, -1, '/');

Any ideas welcome. :) Thanks~

Community
  • 1
  • 1
Uncle Nerdicus
  • 90
  • 1
  • 6

3 Answers3

4

A few seconds of google search would save you the hassle of asking a question, thought its already been answered here before, check this

I would also mention that storing users passwords in a cookie is a crime! please use sessions for such an ocassion.

Community
  • 1
  • 1
Ma'moon Al-Akash
  • 4,445
  • 1
  • 20
  • 16
  • Actually, I am using the EXACT same code from that article in my case. I LOOKED at that same article writing the present code. lol! – Uncle Nerdicus Nov 18 '13 at 01:33
1

You can always assign the cookie a null value:

setcookie("user", NULL);

However, cookies tend to be a rather insecure way of storing user data. I strongly recommend using sessions in stead. Keep in mind that users can change the value of cookies, but not sessions. Then to log out you can use session_destroy()

Also, try refreshing the page after the cookie is unset.

735Tesla
  • 3,162
  • 4
  • 34
  • 57
0

I solved my issues by converting the script to use Sessions, and not Cookies.

Thanks for the advice guys. :)

Uncle Nerdicus
  • 90
  • 1
  • 6