Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

c is for cookie

Status
Not open for further replies.
bardley

bardley

Programmer
May 8, 2001
121
US
Hello. I have a login page in which a user would enter a username and password. If the login is successful, a cookie is set that contains the username and encrypted password.

On every page in the secure area, the first thing I do is read those cookie variables and authenticate the user. If the variables are not present or altered, then the user gets dumped back to the login page.

However, I've noticed that I can log in, then delete the cookie on my machine and still navigate through the site as though my cookie was still there.

Does the browser keep cookies in memory? If so, is there any way to stop this?

Is there anything else I should be aware of that may be causing this behavior?

Using Apache on Red Hat with (at the moment) Internet Explorer browser. Oh, I send the header on every page to not cache the page, so it's not that.

TIA for any help!! Brad Gunsalus
Cymtec Systems, Inc.
bgunsalus@cymtec.com
 
Sort by date Sort by votes
I am not 100% sure on this, but I think that IE keeps the variables cached, especially if the login script is using the POST method.

Therefore, you can clear the cache with the PHP header() function like so:

[tt]
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache"); // HTTP/1.0
[/tt]

Like I said, I am not sure if this will work, but give it a try and see what happens.

Hope this helps.

-Vic vic cherubini
vikter@epicsoftware.com
====
Knows: Perl, HTML, JavScript, C/C++, PHP, Flash, Director
====
 
Upvote 0 Downvote
Thanks for the speedy reply, but I'm already using these.
Any other ideas?
(Please?):) Brad Gunsalus
Cymtec Systems, Inc.
bgunsalus@cymtec.com
 
Upvote 0 Downvote
Post some of your code so that I can take a look at it. It might be a thing in IE that you can't control.

But post some code so that I can see it.

-Vic vic cherubini
vikter@epicsoftware.com
====
Knows: Perl, HTML, JavScript, C/C++, PHP, Flash, Director
====
 
Upvote 0 Downvote
Actually, solved this problem. The reason I could delete the cookie and stay "in" is because I only deleted it from c:\documents and settings\username\cookies, and it was also stored in ...username\local settings\temporary internet files.

If I delete both, the php pages kick you out correctly.

Thanks Vic. Brad Gunsalus
Cymtec Systems, Inc.
bgunsalus@cymtec.com
 
Upvote 0 Downvote
bardley:

No problem. Thats cool that you solved it and thanks for posting how so that maybe someone with the same question will find out how.

Thanks,

-Vic vic cherubini
vikter@epicsoftware.com
====
Knows: Perl, HTML, JavScript, C/C++, PHP, Flash, Director
====
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lexer
  • Locked
  • Question
Join two mysql tables for populate datatable
Replies
3
Views
263
spamjim
spamjim
cmayo
  • Locked
  • Question
Is PHP/PEAR MDB2 dead? Which PHP abstraction layer should I use?
Replies
1
Views
118
spamjim
spamjim
R
  • Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
231
Chris Miller
Chris Miller
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
365
SashaBuilder3
SashaBuilder3
mervgh
  • Locked
  • Question
My own custom error handler
Replies
1
Views
253
Chris Miller
Chris Miller

Part and Inventory Search

Sponsor

Back
Top