Cookies PHP when Log out

Cookies PHP

Code:
<?php
if (isset ($_COOKIE['uid']) && $_COOKIE['uid']) {
?>
<html>
<head><title>Index page</title></head>
<body>
Logged in with UID: <?php echo $_COOKIE['uid']; ?><br />
<a href='logout.php'>Log out</a>.
</body>
</html>
<?php
} else {
/* If no UID is in the cookie, we redirect to the login
➥page */
header('Location: http://kossu/examples/login.php');
}
?>
Using this user id for important items, such as remembering authentication data (as we do in this script), is not wise, because it’s easy to fake cookies.
(For most browsers, it is enough to edit a simple text field.) A better solution
using PHP sessions—follows in a bit.
Deleting a cookie is almost the same as setting one. To delete it, you use
the same parameters that you used when you set the cookie, except for the
value, which needs to be an empty string, and the expiry date, which needs to
be set in the past. On our logout page, we delete the cookie this way:
<?php
setcookie('uid', '', time() - 86400, '/');
header('Location: http://kossu/examples/login.php');
?>
The time() - 86400 is exactly one day ago, which is sufficiently in the
past for our browser to forget the cookie data.
Figure 5.3 shows the way our scripts can be tied together.
As previously mentioned, putting authentication data into cookies (as we
did in the previous examples) is not secure because cookies are so easily faked.
PHP has, of course, a better solution: sessions.