how to unset cookie in PHP?

Question

I need to figure out how to unset this cookie. Everything I tried so far has failed.

This is how I am currently unsetting it and it doesn't seem to work.

setcookie("user_id", $user_id, time() - 7200);

This is how I set it:

setcookie("user_id", $user_id, time() + 7200);

I have this function called set_session_from_cookie() that checks if a cookie is set, and if it is set, it starts a new session using the cookie.

The problem is that when I use this on my page I am unable to logout. I assume this is because I am unable to unset the session.

The reason I have this function is if a user wants to be remembered after they end the session, they can restart the session by calling the cookie.

function set_session_from_cookie()
{
    if (isset($_SESSION['user_id'])) {
        echo '';
    } else {
        $_SESSION['user_id']=$_COOKIE['user_id'];
    }
}

Logout:

<?php
require'core.php';
session_destroy();

setcookie("user_id", "", time() - 7200);
header('Location:/social_learning/site_pages/starter-template.php');

I set my cookie with the following code:

if ($rememberme == "on") {
    $user_id = mysql_result($query_run, 0, 'id');
    setcookie("user_id", $user_id, time() + 7200);
    $_SESSION['user_id'] = $user_id;
    redirect('home_page.php');
} else {
    if ($rememberme == "") {
        echo 'ok';
        $user_id = mysql_result($query_run, 0, 'id');
        echo $user_id;
        $_SESSION['user_id'] = $user_id;
        redirect('home_page.php');
    }
}

How can I restart the session using the saved cookie without using the function I created? Since the function seems to be causing the user to no longer be able to logout.

Answer 1

Set the cookie's expiration date to a time in the past (like one second after epoch, for example).

setcookie("yourCookie", "yourValue", 1);

This will cause the cookie to expire.

1 is used instead of 0, because 0 sets the cookie to expire at the end of the session.

Answer 2

The solution to this problem was that the I needed to set the correct path to unset the cookie since I was unsetting it from a different file that I originally set it in.

I found out which path I needed to use for the unset by looking for the cookie inside my browser cookies, and once I found the cookie inside my browser, the path was listed near the cookie. So I then set the path to the cookie like so:

setcookie("user_id", $user_id, time() - 1, "/social_learning/site_pages"); 

The last parameter is the path. And it worked.

My original setcookie looks like this:

setcookie("user_id", $user_id, time() + 7200, ""); 

Answer 3

There are few security concerns regarding you code, however to answer your question, to unset a cookie in php, all you need to do is to set expiration time to a time in the past:

setcookie("user_id", "", time()-10, "/");

"loginform.php" is not a valid domain, that might be the problem here.

Answer 4

Look at the php manual for information on setcookie

http://php.net/manual/en/function.setcookie.php

These notes should explain the process:

bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )

Cookies must be deleted with the same parameters as they were set with. If the value argument is an empty string, or FALSE, and all other arguments match a previous call to setcookie, then the cookie with the specified name will be deleted from the remote client. This is internally achieved by setting value to 'deleted' and expiration time to one year in past.

Because setting a cookie with a value of FALSE will try to delete the cookie, you should not use boolean values. Instead, use 0 for FALSE and 1 for TRUE.