CUTCODEDOWN
Minimalist Semantic Markup

Welcome Guest
Please Login or Register

If you have registered but not recieved your activation e-mail in a reasonable amount of time, or have issues with using the registration form, please use our Contact Form for assistance. Include both your username and the e-mail you tried to register with.

Author Topic: Set and Clear HTTP only cookie  (Read 303 times)

AndrewTraub

  • Junior Member
  • *
  • Posts: 19
  • Karma: +0/-0
Set and Clear HTTP only cookie
« on: 20 Jun 2021, 07:17:47 pm »
I'm using this to set a cookie on login:

Code: [Select]
setcookie(parent::cookie_name, $jwt, secure: true, httponly: true);
On logout, it needs to be cleared.

I'm using this code but it doesn't work:

Code: [Select]
setcookie(parent::cookie_name, false, time() - 100, secure: true, httponly: true); //delete cookie
Any idea why?

Thanks,

Andrew

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 739
  • Karma: +132/-1
    • CutCodeDown -- Minimalist Semantic Markup
Re: Set and Clear HTTP only cookie
« Reply #1 on: 20 Jun 2021, 10:09:56 pm »
Where in your code are you attempting to unset the cookie? Are you 100% sure it's before any other code output? Are you SURE that your using HTTPS?

Though... your code doesn't make sense. You're setting names that shouldn't be set. The "secure:" and "httponly:" makes no sense whatsoever. That's not how function parameters work. Your "set" also seems to lack a time index.

Code: [Select]
setcookie(parent::cookie_name, $jwt, time() +  1296000, true, true);
Should be how you're setting it.

Code: [Select]
setcookie(parent::cookie_name, false, 0, true, true);

Being your unset. Sneaky trick? Don't waste time calling "time() - 100" when zero is Jan 1, 1970.
I'll fix every flaw, I'll break every law, I'll tear up the rulebook if that's what it takes. You will see, I will crush this cold machine.

AndrewTraub

  • Junior Member
  • *
  • Posts: 19
  • Karma: +0/-0
Re: Set and Clear HTTP only cookie
« Reply #2 on: 24 Jun 2021, 10:31:27 am »
Thanks, I'll try that.  My understanding is that PHP 8 supports named parameters so you don't get killed if you put things out of order.

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 739
  • Karma: +132/-1
    • CutCodeDown -- Minimalist Semantic Markup
Re: Set and Clear HTTP only cookie
« Reply #3 on: 26 Jun 2021, 09:10:42 pm »
My understanding is that PHP 8 supports named parameters so you don't get killed if you put things out of order.
Something like the modern bitching about "too many arguments on functions" wasn't even a thing programmers had problems with until very recently. I wonder why that is?

Maybe they're just a bunch of lazy copy-paste coders who can't be bothered to read documentation or look at the function declaration?

It's sad after all the progress of PHP 7 to see PHP 8 going full pakled with idiotic trash like that. It's bad enough it's dragging execution speed back to the pre -JIT days despite having JIT, without pissing on the syntax and making everything harder to deal with.

I have the odd feeling I'm going to be waiting for PHP 9 before I actually use anything past 7 in deployment. I'm NOT a fan of any of these idiotic changes. MOST of which just resulting in writing more code, more complex code, undoing many of the reasons to even use PHP in the first place, all whilst STILL failing to address the language's deeper security woes.

It's like they're taking pages out of the WhatWG's playbook. PHP doesn't need more ways of doing the same things, or radical changes in things like typecasting... what it needs is 90%+ of it's idiotic redundancies removed from the language and to provide a more secure method of including libraries and security data.
« Last Edit: 26 Jun 2021, 09:15:01 pm by Jason Knight »
I'll fix every flaw, I'll break every law, I'll tear up the rulebook if that's what it takes. You will see, I will crush this cold machine.

AndrewTraub

  • Junior Member
  • *
  • Posts: 19
  • Karma: +0/-0
Re: Set and Clear HTTP only cookie
« Reply #4 on: 27 Jun 2021, 06:49:30 pm »
Well, in the context of passing parameters, PHP 8  does allow me to skip optional parameters that come before (in this case domain and string come before secure and httponly).

Unfortunately, even your code does not clear the cookie.

 

SMF spam blocked by CleanTalk

Advertisement