We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Can't delete a cookie

Seems I am doing something wrong, could someone point me in the right direction (version: 2.0.13)?


class TestController extends ControllerBase
{
    public function setAction()
    {
        $this->view->disable();

        // Set cookie
        $this->cookies->set(
            'test',
            'This is the value',
            time() + 3600,
            '/',
            false,
            'localdomain.local',
            true
        );

        // Redirect to deleteAction
        $this->response->redirect('test/delete');
    }

    public function deleteAction()
    {
        $this->view->disable();

        if ($this->cookies->has('test')) {
            // Save to test session
            $this->persistent->set('test', $this->cookies->get('test')->getValue());

            // Delete cookie
            $this->cookies->get('test')->delete();
        }

        // Redirect to checkAction
        $this->response->redirect('test/check');
    }

    public function checkAction()
    {
        $this->view->disable();

        // Saved value from the cookie, before we "deleted" it
        echo 'Original value is: ', $this->persistent->get('test'), '<br />';

        // Value should be empty, but echos "This is the value"
        if ($this->cookies->has('test')) {
            echo 'Current value is: ', $this->cookies->get('test')->getValue();
        }
    }
}

I get:


Original value is: This is the value
Current value is: This is the value

What happens if you print_r($_COOKIE) at the beginning of checkAction()?



12.2k

Yes, I DO get a $_COOKIE['test'] value.

I also see the cookie in the browser (with expiry date NOT changed and value set).

I am going insane about this... :)



12.2k
edited Jun '16

If I change it to this, I still get the cookie value and see it in the browser, yep I am losing my mind...


    public function checkAction()
    {
        $this->view->disable();

        print_r($_COOKIE['test']. "<br />");

        unset($_COOKIE['test']);
        setcookie('test', '', time() - 3600);

        // Saved value from the cookie, before we "deleted" it
        echo 'Original value is: ', $this->persistent->get('test'), '<br />';

        // Value should be empty, but echos "This is the value"
        if ($this->cookies->has('test')) {
            echo 'Current value is: ', $this->cookies->get('test')->getValue();
        }
    }

That should not be possible... Btw, PHP 5.6.21-1~dotdeb+7.1

EDIT: Nope, that kills it when I change it to:


setcookie('test', '', time() - 3600, '/', 'localdomain.local');


85.5k
edited Jun '16

you cant delete a cookie before the headers has been send. It mean you need to send a responce so the browser can delete it.

and cookie is deleted by time() - something, not with unset :-)



12.2k

@Izopi4a

Could you show me how it should be done, Phalcon way, on my example in post one? Because, I don't see what I am doing wrong.



145.0k
Accepted
answer
edited Jun '16

You can't redirect after deleting cookie. It will return headers from the new redirected page i think. Try to comment this $this->response->redirect('test/check'); and see what happens.

Actually it only deletes cookie in phalcon for request time, after redirect and another request they still exists in the browser(and that means they will still exist in phalcon) beacause of redirect, you need to get rid of them in browser too(using js or something) if you want to really use redirect. Or just get rid of deleteAction and do:

public function checkAction()
    {
        $this->view->disable();

        if ($this->cookies->has('test')) {
            // Save to test session
            $this->persistent->set('test', $this->cookies->get('test')->getValue());

            // Delete cookie
            $this->cookies->get('test')->delete();
        }

        // Saved value from the cookie, before we "deleted" it
        echo 'Original value is: ', $this->persistent->get('test'), '<br />';

        // Value should be empty, but echos "This is the value"
        if ($this->cookies->has('test')) {
            echo 'Current value is: ', $this->cookies->get('test')->getValue();
        }
    }

This should work. You are just redirecting page before sending cookies to browser - that's why it's not working, browser don't even know it has to delete it.



12.2k

Although, native setcookie (negative time) function does delete the cookie when the current action is being redirected. Seems $this->cookie->get()->delete() can't do that.

I always thought redirect will end the current request, give response and then use Location to redirect.