Dear forum, I need an expert opinion about a session cookie. Here is the situation:
start a session, blah blah data end a session.
set an expired cookie before deleting the session.
This test requires Microsoft Edge browser because it shows the cookie in the console. I can’t see the cookie info in the Firefox console. To understand the question, you need to start and end a session and use Edge console to see the session cookie. When developer tools are enabled, view source opens the console. The debugger tab shows cookies in the left pane. I can see my session cookie listed throughout the session and i can watch the session id change (regenerate_id(true). However, when i destroy the session and set the cookie expiration, I still see a cookie. Shouldn’t the cookie be deleted? why can i still see it with the last session id?
if you watch the session temp folder, you can see your session file disappear when you destroy the session. shouldn’t the cookie disappear? is the cookie really invalid and Edge stores it until the browser closes? I think that this is a session cookie not persistent, so if the session is closed then the cookie should be deleted. When the cookie is not deleted, i worry that the code to expire the cookie is not correct.
<?php
session_name(‘CookieChallenge’);
session_start();
//update session variables
session_write_close();
//page code here
//when ready to delete the session
$params = session_get_cookie_params();
setcookie(session_name(), ”, time() – 3600, $params[“domain”], $params[“path”], $params[“secure”, $params[“httponly”]);
session_start(); $_SESSION = array(); session_unset(); session_destroy();
exit;
?>
I am a beginner, so I wonder if the cookie is still visible because the browser only deletes it when the browser is closed or maybe my code is not really deleting the cookie. I cannot view the cookie because i cannot find its location in Windows 10. I have no idea if the cookie is really being deleted or made to be invalid, then deleted when the browser closes.
I hope that someone understands this matter, it’s driving me nuts. I expect to see the cookie disappear in the console.
Thanks.