Delete PHP Cookie?

Question

I currently have a cookie set as follows:

setcookie("username",$username,time()+3600*24*5);

How would I go about clearing the value of that cookie so that the user's username isn't filled in anymore?

I have it cleared as follows:

setcookie("username","",time()-60000);

The user's username still comes up though.

The HTML form:

<?php
    session_start();

    $username = NULL;
    $password = NULL;

    if(isset($_SESSION['username'])){
        $username = $_COOKIE['username'];
        $password = $_COOKIE['password'];
    }
?>
<html>
    <title>Login</title>
    <body bgcolor='#000000'>
        <font color="white">
    <H2><div align='center'>Login</div></H2>
    <form align='center' action='login.php' method='POST'>
            Username: <input type='text' name='username' value='<?$_COOKIE['username']?>'><br \>
            Password: <input type='password' name='password' value='<?$password?>'><br \>
            Remember Me <input type='checkbox' name='remember' value='rememberme'><br \>
            <input type='submit' value='Login'>
        </form>
        </font>
    </body>
</html>

The PHP script to handle the form:

<?php
    session_start();

    $username = $_POST['username'];
    $password = $_POST['password'];

    //Hash password in a new variable
    $password2 = md5($password);

    require_once "/home/a7435766/public_html/scripts/dbconnect.php";

    $query = mysql_query("SELECT * FROM userstwo WHERE username = '$username' && password = '$password2'");

    if((mysql_num_rows($query)) != 0) {
        //Store username and password in a cookie
        if($_POST['remember'] == 'rememberme') {
            setcookie("username",$username,time()+3600*24*5,'','.ohjustthatguy.com');
            setcookie("password",$password,time()+3600*24*2,'','.ohjustthatguy.com');
        } else {
            setcookie("username","",time()-10,'','.ohjustthatguy.com');
            setcookie("password","",time()-10,'','.ohjustthatguy.com');
    }
        $_SESSION['username'] = $username;
        header('Location: http://www.ohjustthatguy.com/uploads/uploads.html');
        } else {
        header('Location: http://www.ohjustthatguy.com/uploads/');
    }
?>

Original sources on pastebin

• http://pastebin.com/8XtqV1PP
• http://pastebin.com/7GvQ9wRa

Answer 1

Be sure that you delete the cookie with the same domain name and path with which you set it. Cookies for example.com and www.example.com will be treated as two different cookies. Similarly, cookies set from example.com and example.com/Support will have different paths. A good practice is to use.example.com as the domain and '/' as the path for username type cookies so that they can be shared across your subdomains too.

To debug this, you can use the FireCookie plugin of Firefox which'll show all this information.

Answer 2

Setting its expiration to some time in the past should clear it:

setcookie("username",$username,time()-10);

If you're using PHP sessions to manage users, you'll probably also want to session_destroy()

Answer 3

You really should not store your users password in a cookie, especially if you are not using HTTPS, The password will be sent in plaintext over the network for every requests, Also. never send back a user his password, this is nerver a good idea.