Home/ Questions/Q 8099637
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T22:28:31+00:00

So this is my first time using cookies and i’m having some trouble setting

  • 0

So this is my first time using cookies and i’m having some trouble setting them. I think i’m doing everything correctly (but you know how programming can be). anyways I am creating a login system that will through a jquery.ajax call in validateLogin.js, to one php script (autologin.php), check if a user and their password are in a database by way of a function in another script (login.php), in login.php if the user exists and the password is the same the cookie is set and some json data is returned to autologin.php which then returns some more json data to the original jquery.ajax methods success function. the success function will then redirect to userarea.html, where a js function will automatically load the user data so it is available for use. this is done with another ajax call in loaduserdata.js which calls to loaduserdata.php which checks isset($_COOKIE['user'], and then returns some json data depending on what happens. however the isset($_COOKIE['user'] fails and i’m not getting any errors in the console or in any of the logs (php, mysql, apache). So i’m really stumped. here is my code:

validateLogin.js

function validateLogin(){
  $(document).ready(function(){
    $("#loginform").submit(function(){
      $.ajax({
        type: "POST",
        url: "./php/autologin.php",
        data: {
          'login': $("#login").val(), 
          'password': $("#password").val()
        },
        dataType: "json",
        success:function(data){
          if(data.status == "success"){
            alert(data.message);
            window.location = "./userarea.html";
          } else if (data.status == "error"){
            alert(data.message);
          }
        },
        error:function(thrownError){
          console.log(thrownError);
        }
      }); 
      return false;
    });

  });
}

autologin.php

<?php

include './login.php';
$login = $_POST['login'];
$password = $_POST['password'];
$loginattempt = login($login, $password);
$loginattemptdata = json_decode($loginattempt);
if ($loginattemptdata->{'status'} === "success") {
  echo json_encode(array('status' => "success", 'user' => $loginattemptdata->{"user"}, 'message' => "Login Successful!"));
  die();
} else {
  echo json_encode(array('status' => "error", 'error' => "loginfailure", 'message' => $loginattemptdata->{"message"}));
  die();
}
?>

login.php

<?php
include './connect_to_mysql.php';

function login($log, $pass) {
  $link = connect_to_mysql();
  $linkdata = json_decode($link);
  if ($linkdata->{'status'} === "success") {
    $sqlquery = mysql_query("SELECT * FROM userdata WHERE login='$log' AND password='$pass'") or die(mysql_error());
    if (mysql_num_rows($sqlquery) == 1) {
      setcookie("user", $log, 86400, '/', 'localhost');
      return json_encode(array('status' => "success", 'message' => "Login Successful.", 'user' => $log));
      die();
    } else {
      return json_encode(array('status' => "error", 'error' => "loginfailure", 'message' => mysql_error()));
      die();
    }
  } else {
    return json_encode(array('status' => "error", 'error' => "connectionerror", 'message' => $linkdata->{'message'}));
    die();
  }
}

?>

loaduserdata.js

$(document).ready(function(){
  $.ajax({
    type:"POST",
    url:"./php/loaduserdata.php",
    success:function(data){
      if(data.status === "success"){
        alert(data.status);
        alert(data.user);
      } else if (data.status === "error"){
        alert(data.status);
        alert(data.message);
        window.location = "./index.html";
      }
    },
    error:function(thrownError){
      console.log(thrownError);
    }
  });
});

loaduserdata.php

<?php
if (isset($_COOKIE['user'])) {
  $user = $_COOKIE['user'];
  echo json_encode(array('status' => "success", 'message' => $user));
  die();
} else {
  echo json_encode(array('status' => "error", 'message' => "Please login before continuing."));
  die();
}
?>

from what i’ve read you need to either refresh or redirect after setting a cookie for it to be available to a new script, which i believe is what i am doing. any help or direction would be greatly appreciated. thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Relying on a client side cookie for login status is a bad idea. Imagine what happens if the user crafts his own cookie with a random (valid) username? He will have gained access to your system without need for a password.

    Have you considered switching to a $_SESSION-based authentication procedure?

    The concept is that every visitor is assigned a unique ID (the session ID) which is stored as a cookie client side. When the visitor loads a page, the sessid cookie is passed along and php loads it from a session storage (most likely a file in /tmp/ if you haven’t configured sessions yet). This file is reflected with the $_SESSION variable, in which you can save data that is only accessible to that corresponding session ID. Thus, usernames or login status is handled server-side and never client side.

    <?php
# login.php
include './connect_to_mysql.php';

function login($log, $pass) {
  $link = connect_to_mysql();
  $linkdata = json_decode($link);
  if ($linkdata->{'status'} === "success") {
    $sqlquery = mysql_query("SELECT * FROM userdata WHERE login='$log' AND password='$pass'") or die(mysql_error());
    if (mysql_num_rows($sqlquery) == 1) {
      session_start();
      $_SESSION['user'] = $log;
      return json_encode(array('status' => "success", 'message' => "Login Successful.", 'user' => $log));
    } else {
      return json_encode(array('status' => "error", 'error' => "loginfailure", 'message' => mysql_error()));
    }
  } else {
    return json_encode(array('status' => "error", 'error' => "connectionerror", 'message' => $linkdata->{'message'}));
  }
}
?>

    Changes: (1) drop the die() after return. They are never executed. (2) save to session via session_start() and $_SESSION[‘user’] = $log; instead of using your own cookies.

    <?php
# loaduserdata.php
session_start();
if (isset($_SESSION['user'])) {
  $user = $_SESSION['user'];
  echo json_encode(array('status' => "success", 'message' => $user));
  die();
} else {
  echo json_encode(array('status' => "error", 'message' => "Please login before continuing."));
  die();
}
?>

    Changes: use session_start() and $_SESSION[‘user’] rather than relying on client side cookies.

    • 0