Greetings,
Been going around in circles trying to figure out why this will not work. Making a low security log-in system using cookies due to an issue with sessions on the device being used. The set cookie works on its own but either is not setting properly in this script or is not being read properly on the auth script. Also, after the cookie should be set, it is not in the browser. Ideas??
Login
<?php
//If passwords match, a cookie is created
if ($pw = $hashedpw) {
$memberID = "1221"; //Pulled from DB
setcookie('MDADMIN_SESS_ID',$memberID,'0','', '.somewhere.com');
header('Location: http://somewhere.com/secure_page.php');
}
?>
Auth
<?php
//Verify that cookie is present
$cookie = $_COOKIE['MDADMIN_SESS_ID'];
if(!isset($cookie)) {
header("Location: http://somewhere.com/failed.php");
exit();
}
?>
The process is as follows: Login Form -> Login Script -> Secure Page (if passwords match) -> Auth Script checked (via include) -> redirect to failed login if cookie not present. When run, it always defaults to the cookie not being present, even though the login script correctly directs to the secure page (logged in successfully).
try
<?php
//If passwords match, a cookie is created
if ($pw = $hashedpw) {
$memberID = "1221"; //Pulled from DB
setcookie('MDADMIN_SESS_ID',$memberID,'0','/', '.somewhere.com');
header('Location: http://somewhere.com/secure_page.php');
exit();
}
?>
You are missing a / for the path.
Also make sure you have an exit(); function after the header; because if you unset the cookie later at someplace then it might also get affect.
try to add / to this line (in $path variable) If set to '/', the cookie will be available within the entire domain
setcookie('MDADMIN_SESS_ID',$memberID,'0','/', '.somewhere.com');