[nycphp-talk] Cookie
Michele Waldman
mmwaldman at nyc.rr.com
Thu Mar 19 10:19:04 EDT 2009
Don't worry, I don't use the cookie for login authentication.
My client wanted a link "back to account" on the public pages when the user
is logged in.
Since $REMOTE_USER wasn't available in the public realm, I was only going to
use the cookie for that link.
I wound up using a session variable instead, but was wondering what I had
done wrong.
Michele
_____
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of David Mintz
Sent: Thursday, March 19, 2009 9:48 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Cookie
On Thu, Mar 19, 2009 at 9:18 AM, Scott Mattocks <scott at crisscott.com> wrote:
Michele Waldman wrote:
I was defined in the subdirectory, but not the root directory.
So, I don't think it was an expiration problem.
It isn't that the cookie is expired already. It is that you are setting the
path as the expiration. You can't just leave it out and hope that the
function figures out you really meant / to be the path. You have to put
something where the expiration value goes.
Moreover, are you sure you want to rely on cookies for testing whether a
user is authenticated?
--
David Mintz
http://davidmintz.org/
The subtle source is clear and bright
The tributary streams flow through the darkness
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20090319/e7e6e22a/attachment.html>
More information about the talk
mailing list