
cookies not being deleted

Developer https://www.devze.com 2023-02-26 18:29 Source: Internet

I have a basic login system. The basic login / logout functions are as follows:

function login() {
    global $page;

    if ($_COOKIE['adminUser'] == adminUser && $_COOKIE['adminPass'] == adminPass):
        $_SESSION['adminLogin'] = true;
        redirect($_SERVER['REQUEST_URI']);
    elseif ($_POST['adminUser'] == adminUser && $_POST['adminPass'] == adminPass):
        setcookie('adminUser', $_POST['adminUser'], time() + 60 * 60 * 24 * 7);
        setcookie('adminPass', $_POST['adminPass'], time() + 60 * 60 * 24 * 7);
        $_SESSION['adminLogin'] = true;
        redirect($_SERVER['REQUEST_URI']);
    else:
        $page->content->table = new template('admin/login.tpl');
        // it shows the login form
    endif;
}

function logout() {
    $_SESSION['adminLogin'] = false;
    setcookie('adminUser', false, time() - 60*100000);
    setcookie('adminPass', false, time() - 60*100000);
    redirect(pathApp);
}

redirect($x) is header("Location: $x"); die;.

No other COOKIES are being set anywhere in the entire script.

The problem is that the logout function is not working. I tried to debug this via Firebug, to see what headers are being sent and all seems ok to me. Here is Firebug's log for logout:

Response Headers

HTTP/1.1 200 OK
Date: Fri, 15 Apr 2011 18:48:57 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: adminUser=deleted; expires=Thu, 15-Apr-2010 18:48:56 GMT
adminPass=deleted; expires=Thu, 15-Apr-2010 18:48:56 GMT
Content-Length: 1041
Connection: close
Content-Type: text/html


Request Headers

GET /freeads/admin/logout HTTP/1.1
Host: clienti.bsorin.ro
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://clienti.bsorin.ro/freeads/admin
Cookie: adminUser=q; adminPass=q; PHPSESSID=22faf6e20467b88d97dc7838572cbd47

The script is live at http://clienti.bsorin.ro/freeads/admin. Username and password are both set to 'q'.

Thanks!


It seems the system was flawed to start with because I didn't set up the cookies properly. I didn't use the path parameter. The cookies were being set at /path/login and were being deleted at /path/logout.

The correct way would have been to change both setcookie() command pairs (login & logout) to:

setcookie('adminUser', $_POST['adminUser'], time() + 60 * 60 * 24 * 7, '/');
setcookie('adminPass', $_POST['adminPass'], time() + 60 * 60 * 24 * 7, '/');

setcookie('adminUser', false, time() - 60*100000, '/');
setcookie('adminPass', false, time() - 60*100000, '/');

Notice the fourth parameter, path, being set to /. Took me a while but I figured it out :).
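
Why the missing path breaks logout, as an added example that is not part of the original posts: a minimal JavaScript model of how a browser keys stored cookies by name, domain and path (RFC 6265), run against this thread's URLs. The login request path `/freeads/admin` and the names `CookieJar`, `defaultPath` and `cookiesLeftAfterLogout` are assumptions made for illustration.

```javascript
// Added example: minimal model of RFC 6265 cookie storage (not a full browser implementation).

// RFC 6265 section 5.1.4: path used when Set-Cookie carries no Path attribute.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== '/') return '/';
  const lastSlash = requestPath.lastIndexOf('/');
  return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

class CookieJar {
  constructor() { this.store = new Map(); }

  // Apply one Set-Cookie received in the response to `requestPath` on `host`.
  setCookie(host, requestPath, name, value, { path, expires } = {}) {
    const effectivePath = path || defaultPath(requestPath);
    const key = [name, host, effectivePath].join('|'); // identity = name + domain + path
    if (expires !== undefined && expires <= Date.now()) {
      this.store.delete(key); // expired: evicts only the cookie with the same identity
    } else {
      this.store.set(key, { name, value, path: effectivePath });
    }
  }

  names() { return [...this.store.values()].map(c => `${c.name};path=${c.path}`).sort(); }
}

const HOST = 'clienti.bsorin.ro';
const LOGIN_URL = '/freeads/admin';          // assumed login request path
const LOGOUT_URL = '/freeads/admin/logout';  // from the request headers on the page
const WEEK = 7 * 24 * 3600 * 1000;

// Runs login then logout; `path` is the Path attribute sent on every Set-Cookie (or undefined).
function cookiesLeftAfterLogout(path) {
  const jar = new CookieJar();
  for (const name of ['adminUser', 'adminPass']) {
    jar.setCookie(HOST, LOGIN_URL, name, 'q', { path, expires: Date.now() + WEEK });
  }
  for (const name of ['adminUser', 'adminPass']) {
    jar.setCookie(HOST, LOGOUT_URL, name, 'deleted', { path, expires: Date.now() - 1000 });
  }
  return jar.names();
}

console.log('no Path attribute:', cookiesLeftAfterLogout(undefined));
console.log("Path='/':", cookiesLeftAfterLogout('/'));
```

Without a Path attribute the login cookies are stored under `/freeads` while the logout response targets `/freeads/admin`, so the expired Set-Cookie matches nothing and both cookies survive.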


I noticed that you are using a sub-domain. setCookie has a fifth parameter that will specify the domain. It is tricky with sub-domains to delete cookies. This worked for me:

setCookie("clockInTime", $param, date('U')+86502,'/', '.mywebsite.com');

The last param will pick up any and all sub-domains of mywebsite using the '.' before the domain.


  1. Check you're not sending any headers before using setcookie.
  2. Change your conditionals to use curly braces (I beg you).
  3. Make sure you're setting the cookies/deleting them on the same domain (and path). Try using setcookie($name, $val, $time, '/');

I can see the following error when logout is called.

DEBUGGING: [class_dispatcher.php : 26] [scalar [integer / float / string / boolean]] page->content is not of class 'template'

This is most likely the cause - as it's being outputted BEFORE setcookie is called.


You can change cookie's expiry time using setcookie().

Important: The expiry time of a cookie must be updated before any data is sent to the browser, because the browser identifies a cookie and stores it based on headers sent from the server to the browser, so you must use setcookie() before headers to update the cookie's expiry time.


The issue in my case is that when I made the request to the backend using the fetch API, I forgot to set the credentials parameter to 'include'. {credentials: 'include'}
