Vexing Cookie Problem

Hello, all. This is more of a php problem, but i'm not on the general
list and um the cookie problem is part of a php/mysql application . .
.. .

So, I have an application where university faculty can enter their
publications in a "scholarly database", but this data can also be
entered by a proxy (i.e., grad student or secretary). I have a number
of cookies that I set and then kill again when someone hits the logout
button:

setcookie ('becool', '', time() - 86400);
setcookie ('user_id', '', time() - 86400);
setcookie ('andyouare', '', time() - 86400);
setcookie ('supereditor', '', time() - 86400);
setcookie ('now_editing', '', time() - 86400);
header('Location: index.php?type=logout');

(the user_id is the id of the person who logged in (through LDAP), the
now_editing is the id of the person whose records are being edited
(i.e., staff member #19 is the user, but they're editing faculty
member #34's work).)

When I look at the cookies on the page they're redirected to (through
the firefox web developer extension), they're all gone. And the
becool cookie is definitely unset (or else you'd be able to visit
pages that require authentication). But when someone logs back in,
and I do my check to see if the person logged in is acting as
themselves or on the behalf of someone, the cookie is magically set to
the last person that had now_editing set. If the browser window is
killed, however, the cookie really is killed.

The first four cookies are set on the login page, but the now_editing
cookie requires you go off to a special "super editor" page for it to
be set.

Here's what a sample cookie value look like:

[now_editing] => 20,Firstname,Lastname

And, I don't know if this is useful, but this is what the function
looks like that checks on whether the user is acting as themselves or
as someone else:

function amISomeoneElse() {
global $set_author;
$true_author_name = $_COOKIE['andyouare'];

if (isset($_COOKIE["now_editing"])) {

// now_editing consists of user_id, fname, lname

$item_bits = explode(",", $_COOKIE[now_editing]);

print "

Logged in as SuperEditor (aka $true_author_name),
editing the work of $item_bits[1] $item_bits[2]

Re: Vexing Cookie Problem

Andrew Darby wrote:
> Hello, all. This is more of a php problem, but i'm not on the general
> list and um the cookie problem is part of a php/mysql application . .
> . .
>
> So, I have an application where university faculty can enter their
> publications in a "scholarly database", but this data can also be
> entered by a proxy (i.e., grad student or secretary). I have a number
> of cookies that I set and then kill again when someone hits the logout
> button:
>
> setcookie ('becool', '', time() - 86400);
> setcookie ('user_id', '', time() - 86400);
> setcookie ('andyouare', '', time() - 86400);
> setcookie ('supereditor', '', time() - 86400);
> setcookie ('now_editing', '', time() - 86400);
> header('Location: index.php?type=logout');
>
> (the user_id is the id of the person who logged in (through LDAP), the
> now_editing is the id of the person whose records are being edited
> (i.e., staff member #19 is the user, but they're editing faculty
> member #34's work).)
>
> When I look at the cookies on the page they're redirected to (through
> the firefox web developer extension), they're all gone. And the
> becool cookie is definitely unset (or else you'd be able to visit
> pages that require authentication). But when someone logs back in,
> and I do my check to see if the person logged in is acting as
> themselves or on the behalf of someone, the cookie is magically set to
> the last person that had now_editing set. If the browser window is
> killed, however, the cookie really is killed.

If you're using IE it could be related to this issue:

http://marc.theaimsgroup.com/?l=php-general&m=11139670750712 2&w=2

Try adding a path to the end even if it's just '/'.

setcookie ('now_editing', '', time() - 86400, '/');

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Vexing Cookie Problem

Thanks, Chris. I tried this; no dice.

On 8/14/06, Chris wrote:
> Andrew Darby wrote:
> > Hello, all. This is more of a php problem, but i'm not on the general
> > list and um the cookie problem is part of a php/mysql application . .
> > . .
> >
> > So, I have an application where university faculty can enter their
> > publications in a "scholarly database", but this data can also be
> > entered by a proxy (i.e., grad student or secretary). I have a number
> > of cookies that I set and then kill again when someone hits the logout
> > button:
> >
> > setcookie ('becool', '', time() - 86400);
> > setcookie ('user_id', '', time() - 86400);
> > setcookie ('andyouare', '', time() - 86400);
> > setcookie ('supereditor', '', time() - 86400);
> > setcookie ('now_editing', '', time() - 86400);
> > header('Location: index.php?type=logout');
> >
> > (the user_id is the id of the person who logged in (through LDAP), the
> > now_editing is the id of the person whose records are being edited
> > (i.e., staff member #19 is the user, but they're editing faculty
> > member #34's work).)
> >
> > When I look at the cookies on the page they're redirected to (through
> > the firefox web developer extension), they're all gone. And the
> > becool cookie is definitely unset (or else you'd be able to visit
> > pages that require authentication). But when someone logs back in,
> > and I do my check to see if the person logged in is acting as
> > themselves or on the behalf of someone, the cookie is magically set to
> > the last person that had now_editing set. If the browser window is
> > killed, however, the cookie really is killed.
>
> If you're using IE it could be related to this issue:
>
> http://marc.theaimsgroup.com/?l=php-general&m=11139670750712 2&w=2
>
> Try adding a path to the end even if it's just '/'.
>
> setcookie ('now_editing', '', time() - 86400, '/');
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Vexing Cookie Problem

Chris, I retract that "no dice." It did work after all. Thank you so
very much.

FYI, I was encountering the problem in both Firefox (1.5) and IE (6) on the PC.

Again, thanks a lot.

Andrew

On 8/15/06, Andrew Darby wrote:
> Thanks, Chris. I tried this; no dice.
>
> On 8/14/06, Chris wrote:
> > Andrew Darby wrote:
> > > Hello, all. This is more of a php problem, but i'm not on the general
> > > list and um the cookie problem is part of a php/mysql application . .
> > > . .
> > >
> > > So, I have an application where university faculty can enter their
> > > publications in a "scholarly database", but this data can also be
> > > entered by a proxy (i.e., grad student or secretary). I have a number
> > > of cookies that I set and then kill again when someone hits the logout
> > > button:
> > >
> > > setcookie ('becool', '', time() - 86400);
> > > setcookie ('user_id', '', time() - 86400);
> > > setcookie ('andyouare', '', time() - 86400);
> > > setcookie ('supereditor', '', time() - 86400);
> > > setcookie ('now_editing', '', time() - 86400);
> > > header('Location: index.php?type=logout');
> > >
> > > (the user_id is the id of the person who logged in (through LDAP), the
> > > now_editing is the id of the person whose records are being edited
> > > (i.e., staff member #19 is the user, but they're editing faculty
> > > member #34's work).)
> > >
> > > When I look at the cookies on the page they're redirected to (through
> > > the firefox web developer extension), they're all gone. And the
> > > becool cookie is definitely unset (or else you'd be able to visit
> > > pages that require authentication). But when someone logs back in,
> > > and I do my check to see if the person logged in is acting as
> > > themselves or on the behalf of someone, the cookie is magically set to
> > > the last person that had now_editing set. If the browser window is
> > > killed, however, the cookie really is killed.
> >
> > If you're using IE it could be related to this issue:
> >
> > http://marc.theaimsgroup.com/?l=php-general&m=11139670750712 2&w=2
> >
> > Try adding a path to the end even if it's just '/'.
> >
> > setcookie ('now_editing', '', time() - 86400, '/');
> >
> > --
> > Postgresql & php tutorials
> > http://www.designmagick.com/
> >
>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php