Viewed   99 times

I am building a website with logins. I have sessions working fine but I need to be able to keep them logged in if the click remember me. Currently I have the login script saving a cookie with the Username and Password they type to some cookies. I the below script $username and $password are set higher in the script. The $_SESSION variables are getting set fine. And I know the script is going into the if statement because before I place a alert box in there.


while($row = mysql_fetch_array($getLoginResults))
    $error = "Login Successful";
    $_SESSION['Username'] = $_POST['username'];
    $_SESSION['Password'] = $_POST['password'];
    if($keep == 1)
        setcookie("Username", $username, time()+3600*24*30);
        setcookie("Password", $password, time()+3600*24*30);

When I check the login, I have a javascript alert so I knoe the cookie is set but the alert box is coming up empty.


echo "<script>alert('".$_COOKIE['Username']."')</script>";

What am I missing???



Try using setcookie with a a path specified, this used to catch me out, as it assumes the current path by default. Using / will make the cookie work for the whole domain

setcookie("Username", $username, time()+3600*24*30, '/');
Friday, November 4, 2022

You have to set cookies before any headers are sent out.

From the manual:

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including and tags as well as any whitespace.

This means you will need to look into output buffering if you wish to use this code as is.


echo "Hellon";

setcookie("cookiename", "cookiedata");



Depending on the contents of global.php, this might work for you. All I did was remove any output before setcookie() is called. If global.php contains any whitespace or HTML output in it this won't work:

include "global.php";    

        $email = $_POST["email"];
        $password = sha1($_POST["password"]);
        $check = mysqli_query($con, "SELECT * FROM Earth WHERE `email`='$email' AND `password`='$password'");
        $check = mysqli_num_rows($check);
        if($check == 1){
        setcookie("PeopleHub", $email, 0, '/');
        echo "We logged you in!";
        else { 
            echo "We couldn't log you in!";
    echo "We currently have <b>" . $usercount . "</b> members, <b>" . $onlinecount . "</b> of which are online. "; 
<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
    Email <input name="email" placeholder="Email Address" required="" type="text"><br>
    Password <input name="password" placeholder="Password" required="" type="password"><br>
    <input type="reset" value="Start Over">
    <input type="submit" value="Login">
Sunday, September 18, 2022

PHP superglobals are populated at script start-up time, and then are NOT modified or touched by PHP again for the life of the script. That means $_COOKIE represents the cookies that were sent to the server in the http request that fired up the script. It will NOT show any cookies you've added/changed/deleted during the life of the script. Those changes will only show up on the NEXT request.

The only exception to this is $_SESSION, which is populated when you call session_start().

If you need those values to be in $_COOKIE immediately, you'll have to add them manually, e.g.

setcookie('cookie', $value, ....);
$_COOKIE['cookie'] = $value;
Sunday, December 4, 2022

Try this:

setcookie('user', 'value' ,time() + 6000, '/', '');

The expires Parameter needs to be a timestamp. 6000 as a timestamp is in the past and therefore removes the cookie.

Thursday, November 17, 2022
$cookie_name = "test";
$cookie_value = "123";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day

You need to write your php code like this

You can use this script If u can want particular cookie

function getCookie(cname) {
    var name = cname + "=";
    var ca = document.cookie.split(';');
    for(var i=0; i<ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1);
        if (c.indexOf(name) == 0) return c.substring(name.length,c.length);
    return "";

Monday, December 5, 2022

Which directory are you in when the cookie gets set?

From the PHP manual on setcookie(), emphasis mine:


The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain . If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain . The default value is the current directory that the cookie is being set in.

Tuesday, November 29, 2022

As you have already said, a cookie can only be set for a domain from that domain (including its subdomains). And if your domains do not share a common superdomain, you need set each cookie for each domain separately.

You can do this with a script that on each domain that sets the cookie for you. But make sure to authenticate requests to these scripts so that only you can set the cookies.

Saturday, August 6, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :