Viewing Session Variables

The Mozilla docs provide some instructions on how to find your profile folder, where it states (http://support.mozilla.org/en-US/kb/Cookies) Firefox stores its cookies.

As I said before, it looks like it is here…

I looked in Library/Firefox/Profiles/xxxxx.default/

And I see…
Code:

cookies.sqlite
cookies.sqlite-shm
cookies.sqlite-wal

But also as I said…

I tried opening the first one up in TextWrangler but the file contents are pretty nonsensical.

So that leads me back to my original question of why is my Session Cookie apparently persisting after it should be cleaned out? (Since I can’t easily read the entries in the cookies.sqlite file, I am at a loss…)

Debbie

Which takes me back to my question which you wouldn’t answer…

You have Firebug, and it will show you the raw HTTP request/response your browser sends and receives. You can inspect the headers listed in there for the cookie information sent between your browser and the server.

Where is that in FireBug??

And to answer your original question…

Yes, the returnToPages do have their own…

session_start();

But I commented out the line in my “log_out.php” file that does the redirect, and in FireFox I can still see…


Site: local.debbie
Cookie Name: PHPSESSID
Contents: 4d50decfdfca1f3b7f3eb4f826d6a1c3

1.) When I am Logged In
2.) When I am Logged Out
3.) After I quit FireFox, come back in, and look for the Cookie Value?!

So what is up with that?!

It is like the Session Cookie will never disappear or its contents are never erased - which I thought my code did?!

And I went to…

Library/Firefox/Profiles/xxxxx.default/

And opened up…

cookies.sqlite

…in TextWrangler, but the file is gibberish, and there is no easy way for me to see if the PHPSESSID is being erased or not. (Although according to FireFox in Preferences, FireFox is persisting the Session Cookie AND the Session ID inside the Session Cookie…)

Hope you follow me?

And I hope I answered your question now!

Thanks,

Debbie

You’re digging too deep Debbie and as such, missing out on a few of the simpler things. Let me try and help…

Here’s three files; index.php, login.php and logout.php.

index.php


<?php
/* Additional logic is needed here for non-cookie sessions, hence the abstraction */
function should_start_session(){
        return isset($_COOKIE[ ini_get('session.name') ]);
}
if(should_start_session()){
        session_start();
}
?>
<html>
        <head>
                <title>Sitepoint.com Demo</title>
        </head>
        <body>
                <h1>Sitepoint.com Demo</h1>
                <?php if(isset($_SESSION['admin'])): ?>
                        Welcome back, you can log out <a href="logout.php">here</a>
                <?php else: ?>
                        Ooops you're not logged in, you can log in <a href="login.php">here</a> though.
                <?php endif; ?>
                <h4>Debug::Cookies</h4>
                <pre><?php print_r($_COOKIE); ?></pre>
                <h4>Debug::Session</h4>
                <pre><?php /* $_SESSION is undefined when no session was started above */ print_r(isset($_SESSION) ? $_SESSION : array()); ?></pre>
        </body>
</html>


login.php


<?php
session_start();
$_SESSION['admin'] = 1;
header('Location: http://is.gd/hgnnuo');
exit;


logout.php


<?php
session_start();
session_destroy();
if(ini_get('session.use_cookies')){
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 1,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}
header('Location: http://is.gd/hgnnuo');
exit;

I’ve also popped up a demo of these three files in action here, sometimes “seeing” can make things a little clearer.

Come back with specific questions and I’ll answer them for you. :slight_smile:

Anthony.

Wow! That was deep!

I need to chew on that code for a while…

Debbie

Hi,

I have been messing around with php sessions and cookies in order to learn more about securing php applications. I haven’t read all of the above thread so sorry if I’m repeating stuff but I thought this might be useful to someone. This is with the default settings for MAMP 2.0.1 and PHP 5.3.6 on a Mac OSX 10.6.8 (Snow Leopard).

Session data is stored here on MAMP:
/Applications/MAMP/tmp/php

You can open this in a text file and read the array quite easily. Or if you’re logged in via SSH you could read it with VI editor. The name of the session files I have are:
sess_HASHED SESSION ID GOES HERE

The session id is then stored in the cookie in a browser dependent location. I have been using chrome and the cookies are stored in SQLite tables here:
/Users/put_your_username_here/Library/Application Support/Google/Chrome/Default
You’re looking for a file named Cookies

I downloaded SQLite Database Browser from here: http://sqlitebrowser.sourceforge.net/ to open these files.
It basically opens the table as a spreadsheet and you can view all the cookies there.

So there you go, that’s how you can find your session cookie and its corresponding session data without using php.
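
Added example (not code from any poster in this thread): reading the Firefox cookies.sqlite file mentioned earlier with Python's sqlite3 module instead of a text editor. The moz_cookies table, its column names and an expiry stored in Unix seconds are assumptions about the Firefox schema; build_sample_db creates constructed data so the block runs offline.

```python
import os
import shutil
import sqlite3
import tempfile

def build_sample_db(path):
    """Constructed sample using the assumed moz_cookies columns (not real data)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, name TEXT, "
                "value TEXT, host TEXT, path TEXT, expiry INTEGER, "
                "isSecure INTEGER, isHttpOnly INTEGER)")
    con.executemany(
        "INSERT INTO moz_cookies (name, value, host, path, expiry, isSecure, "
        "isHttpOnly) VALUES (?, ?, ?, ?, ?, ?, ?)",
        [("PHPSESSID", "constructed-session-id", "local.debbie", "/", 2000000000, 0, 0),
         ("prefs", "constructed", ".other.example", "/", 1000000000, 0, 1)])
    con.commit()
    con.close()

def find_cookies(db_path, host, name, now):
    """Return persisted cookies matching host and name, marked live or expired."""
    # Query a copy: the running browser may lock the file, and the -wal file
    # next to it holds writes that have not been checkpointed yet.
    workdir = tempfile.mkdtemp()
    try:
        copy = os.path.join(workdir, "cookies.sqlite")
        shutil.copy2(db_path, copy)
        if os.path.exists(db_path + "-wal"):
            shutil.copy2(db_path + "-wal", copy + "-wal")
        con = sqlite3.connect(copy)
        con.row_factory = sqlite3.Row
        # Only a short prefix of the value is returned: the session ID is a secret.
        rows = con.execute(
            "SELECT name, substr(value, 1, 6) AS value_prefix, host, path, expiry, "
            "isSecure, isHttpOnly FROM moz_cookies "
            "WHERE name = ? AND (host = ? OR host = '.' || ?)",
            (name, host, host)).fetchall()
        con.close()
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    return [dict(r, state="expired" if r["expiry"] <= now else "live") for r in rows]

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "cookies.sqlite")
    build_sample_db(sample)
    for cookie in find_cookies(sample, "local.debbie", "PHPSESSID", now=1700000000):
        print(cookie)
```

A PHPSESSID sent with PHP's default session.cookie_lifetime of 0 is a session cookie, which Firefox normally keeps in memory rather than in cookies.sqlite, so an empty result for it is expected.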

I installed that app and tried opening the cookies.sqlite file but nothing shows up in the app? :-/

Debbie

Is this relevant now?

Why?

Did the topic change?! :-/

Debbie

Not exactly changed, but as Anthony already said, you are going deeper than is required. The code and three files Anthony provided are more than enough to try session (login, see private page and logout). Put the three files in a separate folder and try browsing the site/page. If you run it as localhost (http://localhost/yourfolder/) then here are the steps to see the cookie values in Firefox:

  1. Go to Options box Firefox->Options (Latest Firefox has a drop-down arrow at upper left corner).
  2. Click on the Privacy tab.
  3. Click on the ‘Remove individual cookies’ link.
  4. Type ‘localhost’ in Search box.
  5. Now scroll down to see all the cookies stored for the domain ‘localhost’.
  6. Click on the cookie name whose value you want to see; the “content” is shown below the list.

Hope that helps! Good luck!

I think that’s for you to decide Debbie.

How did you get on with the code I posted? Did you manage to understand what and why it is doing what it does?

In addition to Raju’s excellent reply, you can omit the local hosting as it’s still being hosted at the original location mentioned earlier.