Invalidating session in javascript

Of notice, the cookie when set with a zero expire or ommited WILL not expire when the browser closes.What happens is that the browser, when closes the window, if it is a well behaved browser, will delete the cookie from the cookie store.Why fiddle around with time(); Here's the easiest way to unset a cookie:setcookie('name', 'content', 1); Thats it.If you're having problem with IE not accepting session cookies this could help: It seems the IE (6, 7, 8 and 9) do not accept the part 'Expire=0' when setting a session cookie. The default behavior when the 'Expire' is not set is to set the cookie as a session one.At least in my setup a change in one of the parameters resulted in the cookie not being 'there' anymore. Via javascript it is possible to steal cookies from other users.Thus allowing the stealer to login to your site as another user that might not have access otherwise. You can't be sure that the visitor will use the same IP the next visit.

Many people do it the complicated way:setcookie('name', 'content', time()-3600); But why do you make it so complicated and risk it not working, when the client's time is wrong?

Requests to subdom.will have both cookies, while browser request to or sends the cookie with the "value1hostonly" value.

If you are having issues with IE7 and setcookie(), be sure to verify that the cookie is set via http for http sites, and https for https site.

That is one of the reasons why the cookie values sent to browsers by some platforms are encrypted and timestamped, to ensure that they are actual and not tampered.

The next request from the browser will have both cookies in the $_SERVER['HTTP_COOKIE'] variable, but only one of them will be found in the $_COOKIE variable.