UPDATE ON THE PROBLEM:
Just provide the 4th argument when calling setcookie
function :
setcookie ("PHPSESSID", "", time() - 3600, '/');
Explanation
The 4th argument of the
setcookie()
function is$path
of the session to be set. And for this, "The default value is the current directory that the cookie is being set in.". (See : http://php.net/manual/en/function.setcookie.php.) So if you are calling this function from a file locating in folder "/folder", it will try to delete a cookie from that folder only. By setting the$path
to "/" we are telling the function to delete the session_id from the root directory.
I have tested it and it deleted the PHPSESSID
from the cookie successfully.
If you send manually the header with new expiring date for desired path, the client should remove it.
session_start();
header("Set-Cookie:PHPSESSID=".session_id()."; expires=Sat, 07-Nov-1999 14:58:07 GMT; path=/cv/");
The first time, you have the old cookie path, but from the second page call only the cookie in path /
will be stored and transmitted.
You can send this header when you know if the client is affected by this problem or having this for some month.
You can remove it by setting it with a previous time for it to expire:
setcookie('phpsessid','value',time()-1);
Lets go back to basics - Here is something that I believe you should try: Run your site. Keep a note of PHPSESSID. then close the browser completely, open the browser again, and then run your site. Check the PHPSESSID and see if it is the same.
If it is not same then it is not a cookie but a Session ID specific for the browser session. Second, if the PHPSESSID is the same as set the first time then it is a cookie and you 'will' be able to delete any key=>value pair set to the cookie resources. May be you are referencing something wrong in the JS or PHP code.
Please try this and revert with results. It will give a lot more clarity. Sessions, LocalStorage, IndexDB, Cookies all are different things and referenced differently.
I would simply expire the cookie from /folder
. This should leave you with only one session cookie for /
setcookie('PHPSESSID', '', time() - 86400, '/folder/');
First thing you have to understand that you cannot delete the COOKIES
on client systems by any means. When you invalid then browser doesn't delete it, but makes the cookie unvalid. The cookie is still there on the clients system. But the browser just ignores it. In order to delete it the client must do it themselves.
To invalid all sessions you can use
session_start(); // initialize session
session_destroy(); // destroy session
setcookie("PHPSESSID","",time()-3600,"/"); // delete session cookie
or javascript code:
document.cookie = "PHPSESSID=; expires=Thu, 01 Jan 1970 00:00:00
UTC;path=/;host=localhost";
In every case you can't delete cookie set by browser's. As PHP and javascript can only issue commands only to invalid the already set cookies present.
By the client himself.
Direction to flush cookies and cache
Uninstall the browser and then Re-Install it.
Create a new php script and insert it on the top of login.php and in this script you check whether there are two PHPSessionId and if there are two then destroy all of them and reload the page. Until you reload the last cookie used before any event would be in-session. You must reload the page or redirect use:
Removing two PHPSESSID
count=0;
foreach($_COOKIE as $key => $value){
if ( $key == "PHPSESSID" ){
count++;
}
}
if (count>1){
//Destory all cookies here
foreach($_COOKIE as $key => $value){
setcookie($key,"",time()-3600,"/");
}
//Reload/redirect the current page to dispose of all things
header("Locations:" . $your_url);
exit(0);
}
Now there would be only I session of PHPSESSID in every case