Hi folks
I have a couple of Apache servers both with the php module.
Server 1 is an older production server running Apache 2.2.13 and PHP 5.2.11 with a FQD.
Server 2 is a new development server running as a sub on the FQD with Apache 2.2.21 and PHP 5.3.9 with Suhosin Patch 0.9.10.
An application I have running on Server 1 works fine using cookies with username and password in MD5 in them. I can “kill” the cookie with the following code.
[CODE]$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
// logout?
if(isset($_GET[‘logout’])) {
setcookie(“verify”, ”, $timeout, ‘/’, ‘fqd.net.au’); // clear password;
header(‘Location: ‘ . LOGOUT_URL);
exit();
}
(Of course fqd.net.au is not the actual domain)
This code works fine for Firefox, IE9 and Chrome.
However when the same is run on Server2 it doesn’t reset the cookie and therfore the user never gets logged out. This applies to all 3 above mentioned web browsers.
I have played with the domain settings leaving them blank and adding in the sub domain.
Anyone have any ideas