I was successful in setting a cookie while following this answer: PHP login system: Remember Me (persistent cookie)
I am having a problem getting my logout to unset/delete the cookie when logout.php is clicked.
login.php
```php
$selector = base64_encode(random_bytes(9));
$authenticator = random_bytes(33);
$token = hash('sha256', $authenticator);
$expires = date('Y-m-d\TH:i:s', time() + 864000);

$stmt2 = $pdo->prepare("INSERT INTO auth_tokens (selector,token,userid,expires) VALUES (:selector, :token, :userid, :expires)");
$stmt2->bindParam(':selector', $selector);
$stmt2->bindParam(':token', $token);
$stmt2->bindParam(':userid', $userid);
$stmt2->bindParam(':expires', $expires);
$stmt2->execute();

setcookie(
    'remember',
    $selector.':'.base64_encode($authenticator),
    time()+86400,
    '/',
    false
);
```
logout.php
```php
<?php
session_start();
$_SESSION = array();
unset($_SESSION);
if (isset($_COOKIE['remember'])) {
    unset($_COOKIE['remember']);
    setcookie('remember', '', time() - 3600, '/'); // empty value and old timestamp
}
session_destroy();
header("location:index.php");
?>
```
When I click logout.php and check on
home.php
```php
if (isset($_COOKIE['remember'])) {
    header('Location: ../testing.php');
    exit;
}
```
It redirects to testing.php, which is not supposed to happen since I have unset the cookie. Am I supposed to delete the record from the database too?
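An added example, not part of the original post: a logout script that deletes the matching `auth_tokens` row as well as expiring the cookie, so the token stops being accepted even if a browser still sends it. It assumes the table and cookie format from login.php above; `db.php` and `revokeRememberToken()` are hypothetical names.

```php
<?php
// Added example, not the asker's code: revoke the remember-me token on logout.
// Assumes the auth_tokens table and cookie format shown in login.php.
require __DIR__ . '/db.php'; // hypothetical include that creates $pdo
session_start();

function revokeRememberToken(PDO $pdo, string $cookie): void
{
    // Cookie value set by login.php: selector ":" base64(authenticator)
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return;
    }
    $authenticator = base64_decode($parts[1], true);
    if ($authenticator === false) {
        return;
    }
    $stmt = $pdo->prepare('SELECT token FROM auth_tokens WHERE selector = :selector');
    $stmt->execute([':selector' => $parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Delete only when the presented authenticator matches (constant-time compare)
    if ($row !== false && hash_equals($row['token'], hash('sha256', $authenticator))) {
        $del = $pdo->prepare('DELETE FROM auth_tokens WHERE selector = :selector');
        $del->execute([':selector' => $parts[0]]);
    }
}

if (isset($_COOKIE['remember'])) {
    revokeRememberToken($pdo, $_COOKIE['remember']);
    // A browser drops a cookie only if name, path and domain match the original
    setcookie('remember', '', time() - 3600, '/');
    unset($_COOKIE['remember']);
}

$_SESSION = [];
if (ini_get('session.use_cookies')) {
    // Expire the session cookie with the parameters it was issued with
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
session_destroy();
header('Location: index.php');
exit;
```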