Effective way to delete cookies in php
Instructions on deleting cookies begin-----
bool setcookie ( string name [, string value [, int expire [, string path [, string domain [, bool secure]]]]] )
To delete a cookie, you need to ensure that its expiration date is in the past to trigger the browser's deletion mechanism.
The following example illustrates how to delete the cookie just set:
//Set the expiration time to one hour ago
setcookie("TestCookie",
"", time() - 3600);
setcookie("TestCookie", "", time() - 3600, "/~rasmus/",
".utoronto.ca", 1);
?>
-----End of instructions on deleting cookies-----
The way to delete a cookie is to set the validity period of the cookie to before the current time, which is what almost all PHP programmers do.
Later, a friend who was new to PHP told me that he wanted to set the value of a cookie to empty in the program, but the cookie was deleted directly. My first reaction at the time was that I didn’t believe it, so I tested it
:
setcookie("testcookie",
'');
print_r($_COOKIE);
The result is that the entire $_COOKIE array is empty, not just $_COOKIE['testcookie']. So I used winsock to capture the packet and observed the returned http header. I found that the http header turned out to be "Set-Cookie:
testcookie=deleted; expires=Mon, 18-Jun-2007 02:42:33
GMT", which means "setcookie("testcookie",
'');" indeed deletes the cookie testcookie directly, and there is no explanation at all in the PHP manual about this situation.
Finally read the php source code and finally found the truth (this is the benefit of open source, if there is any unclear inside story, just check the source code directly).
The following code can be found near line 99 of ext/standard/head.c in the linux source package of php5.20:
if (value &&
value_len == 0) {
/*
* MSIE doesn't delete a cookie when you set
it to a null value
* so in order to force cookies to be deleted, even on
MSIE, we
* pick an expiry date 1 year and 1 second in the past
*/
time_t t = time(NULL) - 31536001;
dt = php_format_date("D,
d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC);
sprintf(cookie, "Set-Cookie: %s=deleted; expires=%s", name, dt);
efree(dt);
} else {
sprintf(cookie, "Set-Cookie: %s=%s", name, value?
encoded_value : "");
if (expires > 0) {
strcat(cookie, ";
expires=");
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y
H:i:s T")-1, expires, 0 TSRMLS_CC);
strcat(cookie, dt);
efree(dt);
}
}
The source code clearly shows “if (value && value_len ==
0)", when "value_len" is 0, "sprintf(cookie, "Set-Cookie: %s=deleted; expires=%s", name,
dt);" will send the http header to delete the cookie to the browser.
Finally we can draw the conclusion: use "setcookie($cookiename, '');" or "setcookie($cookiename, NULL);" will delete cookies, which of course is not in these manuals.
Source: http://www.111cn.net/phper/21/f0eace11b1229a0f2c7c54e3c1ea4654.htm