logout creates new session cookie about php-auth HOT 7 CLOSED

Thanks for your report!

I don't think what you're describing is actually happening. Can you check again?

There may be at least two reasons why you came to that conclusion: The developer tools or cookie inspection that you used does not refresh instantly or correctly. Or the code that you were testing has a redirect after logout, so that the new cookie is created on the subsequent page request.

from php-auth.

Thanks, @ocram! I bet the following is the culprit.

Or the code that you were testing has a redirect after logout, so that the new cookie is created on the subsequent page request.

If I have time, I'll strip the php-auth code out of my code and make sure, but I think you're right.

from php-auth.

If that is the issue, everything is fine, of course. Creating a new session and an accompanying new session cookie is totally okay and allows for session information to be stored about "guests" and for a new login later on.

from php-auth.

Have you been able to look into this?

Temporarily removing the redirect (that appears to be there) is probably enough to test this.

from php-auth.

@ocram Thank you for reminding me! I will remove the redirect & test, and get back to you ASAP.

from php-auth.

@ocram I'm not sure anymore that this is actually happening. Firefox cookies dialog shows these multiple cookies (one new one showing up on each logout), but FF developer tools storage inspector does not show multiples. And they don't seem to be causing any problems. Let's call it a weird quirk of the browser dialog. Thanks for your input!

from php-auth.

Thanks!

That's definitely a quirk in Firefox's cookie dialog. You always have to close that dialog and re-open it afterwards for it to discard deleted cookies. So it's not really a "realtime" view.

The storage inspector in the developer tools, however, works much better, as you said. You don't have to refresh manually there.

from php-auth.