I have been working on a php login system which is basically finished but needs one thing cleaning up. When the session is created/registered, a cookie is created. And according to firefox, the cookie will expire when the session ends. However, the session ends (according the the rest of my php scripts) and the cookie is still there. Below is the php code I use to end the session.

<?
{
session_set_cookie_params(0);
session_start();
session_destroy();
//setcookie("PHPSESSID","",time()-3600);
}
//And the rest doesn't relate to logging out

So when the logout button is pressed, the user is sent to a page with that code at the very beginning of the page. And as you can see in my code above, I have tried with and without the setcookie code with many different combinations between the brackets.

Can anybody see where I am going wrong because I have read all of the manuals which relate to each of these scripts. Any help would be appreciated.
Thanks

Well,

<?php
  setcookie("user", "Alex Porter", time()+3600);
  
 	setcookie("user", "", time()-3600);

  	print "<pre>";
		print_r($_COOKIE);
  	print "</pre>";

?>

First, comment out deleting the cookie part and execute the script. Open "Tools -> Options -> Privacy -> Show cookies". You will see a cookie from localhost.
Now, uncomment deleting the cookie part and execute the script. Again, check if a cookie exists from localhost.
I have tested it and it deletes the cookie from localhost.

I have tried your reply and your example works but the situation is a bit more technical than that. I use the following code to create the session which I believe also creates a cookie: session_register('$translog'); The cookie it makes is called 'PHPSESSID' and it is how the cookie expiry is set that is a real problem. The cookie expiry from the above code is by default set to expire when the session ends. Although the session ends, the cookie never gets removed. So how would I:
A - Make the user computer know the session has ended instead of just the server side.
-or-
B - Make a script that would remove a session cookie with a session type expiry.

Thanks for your reply though.

Well, Whenever you start a session, a cookie is set (if you have configured sessions with cookies). That will have the current session's id. PHPSESSID is its name. You can do 2 things to delete the cookies.
1. Name your session using session_name and use setcookie to delete the cookie while destroying the session.
2. If you don't want to name your session, just use setcookie to destroy the cookie with name PHPSESSID. I have tried it and it works!

Cheers,
Naveen

After many days of hard work I have now solved the problem. I found that any page beginning with the following code is likely to have a cookie (or at least for me) session_start(); I found that by removing the session_start(); and session_register('$translog'); from all of my pages and script, this prevented any cookies from being made and all my scripts work like normal. Also I found that the following now works as my logout code:

<?
{
session_start();
$_SESSION = array(); // destroy all $_SESSION data
setcookie("PHPSESSID", "", time() - 3600, "/");
session_destroy();

The reason why the above code did not work before was that every page with the session_start() made a cookie even if there was no session started.
So now all is well and thanks for the help nav33n as now I know how to delete cookies with php.

Cool ! Good job :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.