
I am working on WordPress multisite, and I have changed the login functionality. However, it needs the users to delete old cookies before using this functionality I have created. So I am trying to clear the user’s cookies by setting a new cookie, custom_wordpress_login_cookie, to know which of the users have old cookies in the browser, as shown in the following code.

add_action('init', 'clear_all_cookies_before_login');
function clear_all_cookies_before_login(){
    if( ! isset( $_COOKIE['custom_wordpress_login_cookie'] ) ){
        foreach( $_COOKIE as $key => $value ){
            setcookie( $key, '', time() - YEAR_IN_SECONDS);
        }
        setcookie( 'custom_wordpress_login_cookie', 'true',
            time() + YEAR_IN_SECONDS, '/', COOKIE_DOMAIN, false, true );
    }
}

The new cookie is being set, but the old cookies persist. What could be the issue?

6 Answers


  1. You must use unset first:

    unset( $_COOKIE[$v_username] );
    setcookie( $v_username, '', time() - ( 15 * 60 ) );
    

    Once that’s done, we will force the cookie to expire by setting its value variable to a null value (“”) and passing in a timestamp that’s in the past (time() - ( 15 * 60 )).

  2. To prevent creation of a second cookie with the same name, pass / as the path argument to setcookie().

    And so, you must change this line:

    setcookie( $key, '', time() - YEAR_IN_SECONDS);
    

    to:

    setcookie( $key, '', time() - YEAR_IN_SECONDS, '/');
    

    Also note that the way you’re expiring cookies may not work if the user’s system time is configured incorrectly. This is rare*, but does happen. A simpler way to expire cookies is to simply call:

    setcookie( $key, '', 1, '/');
    

    *the user would likely run into TLS issues if the webpage is served over HTTPS.

  3. This is not an answer related to how you can clear cookies, but this solution will help you make sure that all the users currently logged into your website will need to login again.

    Go in the wp-config.php and reset the secret salt keys. You can generate new ones here: https://api.wordpress.org/secret-key/1.1/salt/ .

    That way it will force all of your users to login again and you no longer need to write code to delete the users’ cookies.

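Why rotating the keys and salts (answer 3) logs everyone out, as an added example that is not part of the original answers: a simplified JavaScript model of how WordPress derives the auth-cookie HMAC from AUTH_KEY and AUTH_SALT. The user, token and salt values are constructed, and the session-token lookup WordPress also performs is left out.

```javascript
// Simplified model of wp_generate_auth_cookie() / wp_validate_auth_cookie()
// for the 'auth' scheme. All names and values below are constructed samples.
const crypto = require('node:crypto');

const hmac = (algo, key, data) =>
  crypto.createHmac(algo, key).update(data).digest('hex');

// wp_hash(): HMAC-MD5 keyed with wp_salt('auth'), i.e. AUTH_KEY . AUTH_SALT.
function wpHash(data, salts) {
  return hmac('md5', salts.key + salts.salt, data);
}

// Cookie layout: login|expiration|token|hmac
function generateAuthCookie(user, expiration, token, salts) {
  const key = wpHash(`${user.login}|${user.passFrag}|${expiration}|${token}`, salts);
  const mac = hmac('sha256', key, `${user.login}|${expiration}|${token}`);
  return `${user.login}|${expiration}|${token}|${mac}`;
}

function validateAuthCookie(cookie, user, salts, now) {
  const parts = cookie.split('|');
  if (parts.length !== 4) return false;
  const [login, expiration, token, mac] = parts;
  if (login !== user.login || Number(expiration) < now) return false;
  // Recompute the HMAC with the salts currently in wp-config.php.
  const key = wpHash(`${login}|${user.passFrag}|${expiration}|${token}`, salts);
  const expected = hmac('sha256', key, `${login}|${expiration}|${token}`);
  return expected.length === mac.length &&
    crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(mac));
}

// Issue a cookie under the old salts, then validate it before and after rotation.
function rotationDemo() {
  const user = { login: 'alice', passFrag: 'abcd' }; // passFrag: slice of the stored hash
  const oldSalts = { key: 'old-AUTH_KEY', salt: 'old-AUTH_SALT' };
  const newSalts = { key: 'new-AUTH_KEY', salt: 'new-AUTH_SALT' };
  const now = 1700000000;
  const cookie = generateAuthCookie(user, now + 3600, 'tok123', oldSalts);
  return {
    beforeRotation: validateAuthCookie(cookie, user, oldSalts, now),
    afterRotation: validateAuthCookie(cookie, user, newSalts, now),
  };
}

console.log(rotationDemo());
```

The browser keeps sending the old cookie after the rotation; the server simply stops accepting it, so nothing has to be deleted on the client.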
  4. You are doing it absolutely correctly, but the deletion of the cookie would not work. The above code will only expire the cookie in the current session. You have to destroy the session also if you want to make the old cookie disappear. Thus your new code would be like this:

    add_action('init', 'clear_all_cookies_before_login');
    function clear_all_cookies_before_login(){
        if( ! isset( $_COOKIE['custom_wordpress_login_cookie'] ) ){
            foreach( $_COOKIE as $key => $value ){
                setcookie( $key, '', time() - YEAR_IN_SECONDS);
            }
            setcookie( 'custom_wordpress_login_cookie', 'true', time() + YEAR_IN_SECONDS, '/', COOKIE_DOMAIN, false, true );

            // Destroy the session and redirect the user to another location;
            // this makes sure the old cookies disappear and only the new
            // cookie remains
            if ( session_status() === PHP_SESSION_ACTIVE ) {
                // session_destroy() raises a warning when no session is active
                session_destroy();
            }
            header("Location: /");
            exit; // stop here so nothing else runs after the redirect header
        }
    }
    
  5. Try: setcookie( $key, '', time() - 3600, '/', COOKIE_DOMAIN);

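The cookie-matching behaviour that answers 2 and 5 rely on, as an added example that is not part of the original thread: a small JavaScript model of a browser cookie store following RFC 6265, in which a cookie is identified by name, domain and path. It assumes a subdomain-style install whose cookies were set with Domain=example.com; hosts, paths and cookie names are constructed.

```javascript
// Simplified browser cookie store after RFC 6265 (sections 5.1.4 and 5.3).
// Hosts, paths and cookie names are constructed sample values.

// Path the browser assigns when Set-Cookie has no Path attribute (5.1.4).
function defaultPath(requestPath) {
  const lastSlash = requestPath.startsWith('/') ? requestPath.lastIndexOf('/') : 0;
  return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

class CookieJar {
  constructor() { this.cookies = new Map(); }
  // Apply one Set-Cookie from the response to a request for host + requestPath.
  // Domain-match validation is omitted to keep the model short.
  setCookie(host, requestPath, { name, value, expires, path, domain }) {
    const effDomain = (domain || host).replace(/^\./, '').toLowerCase();
    const effPath = path && path.startsWith('/') ? path : defaultPath(requestPath);
    const id = `${name};${effDomain};${effPath}`; // the cookie's identity
    if (expires !== undefined && expires <= Date.now()) {
      this.cookies.delete(id); // an expired cookie only evicts its exact match
    } else {
      this.cookies.set(id, value);
    }
  }
  ids() { return [...this.cookies.keys()].sort(); }
}

// Store two cookies the way an earlier login might have, then send expiring
// Set-Cookie headers from a front-end page; attrsFor picks their attributes.
function remainingAfterDelete(attrsFor) {
  const jar = new CookieJar();
  const host = 'site1.example.com';
  jar.setCookie(host, '/wp-login.php',
    { name: 'wordpress_logged_in_x', value: 'v', path: '/', domain: 'example.com' });
  jar.setCookie(host, '/wp-login.php',
    { name: 'wordpress_x', value: 'v', path: '/wp-admin', domain: 'example.com' });
  for (const name of ['wordpress_logged_in_x', 'wordpress_x']) {
    jar.setCookie(host, '/blog/hello-world/',
      { name, value: '', expires: 1000, ...attrsFor(name) });
  }
  return jar.ids();
}

const noAttrs = remainingAfterDelete(() => ({}));             // the question's call
const pathOnly = remainingAfterDelete(() => ({ path: '/' })); // answer 2
const pathAndDomain = remainingAfterDelete(() => ({ path: '/', domain: 'example.com' })); // answer 5
const exactMatch = remainingAfterDelete((n) =>
  ({ domain: 'example.com', path: n === 'wordpress_x' ? '/wp-admin' : '/' }));
console.log({ noAttrs, pathOnly, pathAndDomain, exactMatch });
```

Only the run that repeats each cookie's own domain and path empties the store, which is why WordPress's wp_clear_auth_cookie() expires every auth cookie once per cookie path constant.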
  6. According to the WordPress documentation, it combines the salt keys with the password. The hash function mixes these up and gives a result. After that it stores inside a cookie to "remember" the login process or tracking behavior.

    example: That’s the reason two different usernames with the same password are successfully identified as different logins.

    First you have to make distinct cookies for every user. Let’s say custom_wordpress_login_cookie will contain inside a string with the username or any associated encoded string (preferred).

    Then you will check if the custom_wordpress_login_cookie exists and contains the appropriate username.

    Act accordingly, if found, perform your logic and then delete (unset) the cookie. Else create a new one.

    The following code explains the flow…

    function clear_all_cookies_before_login() {
        // Current time of visit
        $time_now = date('F j, Y g:i a');

        // Check whether the cookie is already set
        if ( isset( $_COOKIE['custom_wordpress_login_cookie'] ) ) {

            // Cookie found
            function check_visitor() {
                // Retrieve information to use for your logic;
                // the cookie value is client-controlled, so escape it before output
                $lastvisit = esc_html( $_COOKIE['custom_wordpress_login_cookie'] );
                $string = 'Since your last login ' . $lastvisit . '. We have a ton of new things!';

                // Delete the old cookie so that we can set it again with updated time
                unset( $_COOKIE['custom_wordpress_login_cookie'] );

                return $string;
            }
        } else {

            // Cookie not found
            function check_visitor() {
                $string = 'Welcome to our website! Please login...';
                return $string;
            }
        }
        add_shortcode('New_Message', 'check_visitor');

        // Set new cookie with expiration of 1 day
        setcookie('custom_wordpress_login_cookie', $time_now, time() + 86400);
    }
    