Can’t kill cookie

@tastechFeb 03.2012

Hi folks

I have a couple of Apache servers both with the php module.

Server 1 is an older production server running Apache 2.2.13 and PHP 5.2.11 with a FQD.
Server 2 is a new development server running as a sub on the FQD with Apache 2.2.21 and PHP 5.3.9 with Suhosin Patch 0.9.10.

An application I have running on Server 1 works fine using cookies with username and password in MD5 in them. I can “kill” the cookie with the following code.

[CODE]$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout? if(isset($_GET[‘logout’])) { setcookie(“verify”, ”, $timeout, ‘/’, ‘fqd.net.au’); // clear password; header(‘Location: ‘ . LOGOUT_URL); exit(); } [/CODE]

(Of course fqd.net.au is not the actual domain)

This code works fine for Firefox, IE9 and Chrome.

However when the same is run on Server2 it doesn’t reset the cookie and therfore the user never gets logged out. This applies to all 3 above mentioned web browsers.

I have played with the domain settings leaving them blank and adding in the sub domain.

Anyone have any ideas

to post a comment

PHP

10 Comments(s) _↴

@WolfShadeFeb 03.2012 — #Instead of hardcoding the domain, can you use [B]$_SERVER['HTTP_HOST'][/B] instead?

@tastechauthorFeb 03.2012 — #Instead of hardcoding the domain, can you use [B]$_SERVER['HTTP_HOST'][/B] instead?[/QUOTE]

True but that doesn't fix the problem unfortunately.

@WolfShadeFeb 03.2012 — #Are you sure that timeout is set to 0? What about manually coding 0 instead of using the $timeout?

@tastechauthorFeb 03.2012 — #Are you sure that timeout is set to 0? What about manually coding 0 instead of using the $timeout?[/QUOTE]

Yep tried 0 and -1

@WolfShadeFeb 03.2012 — #The one thing that is grabbing my attention:
Server 2 is a new development server running as a sub on the FQD[/QUOTE]
Is the production server "www.domain.co.au" and the dev is "dev.domain.co.au", or something like that?

@tastechauthorFeb 03.2012 — #The one thing that is grabbing my attention:

Is the production server "www.domain.co.au" and the dev is "dev.domain.co.au", or something like that?[/QUOTE]

Yep the production server is www. and the deveploment one dev. which is why I tried only the top level for the cookie orginally. I would have thought that at top level it would work down to subs.

Thanks for your response so far.

@WolfShadeFeb 03.2012 — #According to manual, if you set it for "domain.co.au", it will work for all FQDN sub-domains.

Also, for older browsers you might need to include a "." at the beginning:

[B][I]Older browsers still implementing the deprecated » RFC 2109 may require a leading . to match all subdomains.[/I][/B]

But I wonder, though, if the cookie from the dev might be conflicting with the cookie from production. Which is why I suggested the $_SERVER['HTTP_HOST'] route. But if it didn't work, it didn't work.

@tastechauthorFeb 03.2012 — #According to manual, if you set it for "domain.co.au", it will work for all FQDN sub-domains.

Also, for older browsers you might need to include a "." at the beginning:

[B][I]Older browsers still implementing the deprecated » RFC 2109 may require a leading . to match all subdomains.[/I][/B]

But I wonder, though, if the cookie from the dev might be conflicting with the cookie from production. Which is why I suggested the $_SERVER['HTTP_HOST'] route. But if it didn't work, it didn't work.[/QUOTE]

It's got me a bit stumped. All browsers I'm trying are the last versions. The only thing I can think of is to change the MySQL be to something other than localhost (like the host name) and change my 127 entry hosts file to match the domain instead of localhost. I say this because a lot of people have had problems developing on localhost with the latest PHP and although I'm using a FQD maybe.. just starting clutch at straws I guess.

@WolfShadeFeb 03.2012 — #Quite possibly. I never use localhost. I adjust my hosts file and give it a bogus FQDN pointing to the server.

192.168.1.10 www.cftest.com

192.168.1.10 cftest.com

@tastechauthorFeb 03.2012 — #I'll see how I go when I have time.

Cheers and thanks

Also in #PHP _↴

Hide the download link of a file Serving XHTML+RDFa via PHP Is it possible? PHP/MySQL

Success!

Help @tastech spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.17,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...

Can’t kill cookie

10 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Can’t kill cookie

10 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

10 Comments(s) _↴

Also in #PHP _↴