Php cookie won't unset/delete - can't logout

Question

So i've tried multiple other "solutions" to my problem (both on this site and others) and cannot find a solution that works for me.

I'm trying to set a cookie to log in my user and then on log out delete that cookie. Here is my code.

list ($check, $data) = check_login($dbc, $_POST['Username'], $_POST['Password']);
    if ($check) {
        setcookie('Username', $data['Username'], time() + 60*60*24*90);
        header('Location: RedirectPage.php');

Which, checks the username and password have been entered on the login form (and accepted), If so, the cookie "Username" is set with the username drawn from the database, and a time equalling 90 days, and the user is then redirected.

This part works fine, it logs the user in as would be expected.

However in the delete part,

header('Refresh: 0;');

setcookie('Username', '', time() - 60*60*24*90);
unset($_COOKIE['Username']);
require ('RedirectPage.php');
redirect_user();

I delete the cookie in the same way it was set, as expected, removing any data and setting the time to a negative value, and then for good measure i run the unset cookie to ensure that it has gone.

Except, this doesn't work. setcookie (to delete) does not do anything, and unset cookie only works on the page after it has been run (in this case, index.php) and as soon as i click to another page, or refresh the page it "forgets" that the cookie has been deleted.

Now going into the Chrome inspect element to check the cookie i get

Username, "Value" (the withdrawn username), r3gamers.com (domain), / (path), 2015-02-03T13:45:00 (Expires/MaxAge), 19 (Size) and HTTP and Secure are both set as empty. 

Watching the process after hitting the logout button, this cookie is never deleted. The only thing which can actually delete the cookie is overwriting it with a new cookie (logging in again) or deleting it through inspect element.

Any ideas? As far as i'm aware, i'm doing everything that should be done.

EDIT: I'd also like to mention that when testing this on localhost, offline through netbeans this functionality does work. However when i upload the pages to godaddy for my website they stop working properly.

Answer 1

I found the answer. It's a stupid answer too. Here is the full code file i was using for logout.

<?php

require_once ('Connection.php');

header('Refresh: 0;');

            if (!isset($_COOKIE['Username'])){
                header('Location: LoginFunctions.php');
            } else {
                setcookie('Username', '', time()-60*60*24*90, '/', '', 0, 0);
                unset($_COOKIE['Username']);
                header('Location: index.php');
            }


?>

The problem, which i can't show here, was that the opening php tag had a single line break on it, meaning that it started on line 2. Why it was like this initially i don't know, but that small error meant that it worked on localhost and didn't work on godaddy. How frustrating. At least i've fixed the problem now.

For future use, for those stuck with the same issue, apparently godaddy (or most hosting sites) require that any cookie adding, editing or deleting occur from line 1 onwards, therefore the php tag which includes the cookie must be on line 1, no html code can preceed this php tag, or any line breaks, the php tag has to start on line 1.

Answer 2

You do not set the path of your cookie, I assume you want it to be site-wide, so you should set the path to '/':

setcookie('Username', $data['Username'], time() + 60*60*24*90, '/');

And then, when unsetting it, try using 1 instead of time() - 60*60*24*90 (also still specifying the path), otherwise the expiration time of the cookie might vary depending on the user's computer clock:

setcookie('Username', '', 1, '/');

I think your problem really is the path not being set: http://php.net/manual/en/function.setcookie.php

If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.

The thing is, if you are in /logout/doit.php, and you try to set the cookie expiration time to a negative value, it will create a new cookie with the path '/logout/' and set its expiration time. (Instead of setting the expiration time on your site-wide cookie)