Is there a way to invalidate user's cookie?

Published 2019-06-13 00:31

Question:

Is there a way to invalidate user's cookie?

Scenario:

  1. User comes to my website (I can get any data I want);
  2. User leaves the pages;
  3. After some time a callback from another server comes with user ID. At this point, I need to invalidate user session and cookies.

With sessions, this was as simple as:

session_id($user['session_id']);
session_destroy();

How to achieve the same with cookies?

Please see comments under this post for more details and how it is related with Facebook.

The simple solution would be to replace the bit where PHP-SDK is storing information about the user from cookies to session, but going to the package file is always a bad idea.

Answer 1:

EDIT

Your other comments suggest you're not really aware of what a cookie literally is, so I apologize in advance if you already understand what I'm about to explain.

Although I suspect you need some Facebook-specific help in answering or resolving your actual concern, I'd like to point out what a cookie actually is:

HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: name=value
Set-Cookie: name2=value2; Expires=Wed, 09 Jun 2021 10:18:14 GMT

http://en.wikipedia.org/wiki/HTTP_cookie#Setting_a_cookie

This is how cookies are transmitted between the client and server (requester/responder). You can use the Net tab in Firebug or Chrome Console to see for yourself how requests are made and what data is sent back and forth. They are not by nature "logged" systematically, are not finite "things" per se, but simply part of a header which is included in the packet of the request and response, something like a CC/BCC field in an email header: pseudo-transient but descriptive.

To accomplish an effect where cookies are validated before being consumed, you would need to determine how to attach a reference ID to the cookie, or (alternately) detect a specific cookie with a calculated code that must be present when the other data is submitted in a request. Another approach is described in Jan's answer.

Cookies, though, are not typically handled this way. They're just transports, means to an end, filling a void between GET and POST.


You're not "invalidating a cookie" so much as invalidating the permissions that cookie's data is extending to whoever is using it in conjunction with requests.

One, how do you know it comes from a different server? Two, if you can determine a request is not legitimate, whatever that cookie's data references on your server to give it permission to perform actions on behalf of a user needs to be removed, i.e., whatever session is indicated is ended/destroyed, or whatever else.

The cookie, though, is only a transport for that data. You have to be able to intercept, detect, and block whatever access it provides its holder with to render it "useless".

If you're asking something specific, please provide more information. But essentially it seems as if all you need to do is have a way to ignore cookies which contain data that you've identified as not valid or authentic or provides improper access (to imposters).



Answer 2:

You can't set (unset/invalidate) a cookie for a user that is not making a request to your server directly. You will have to do some more work.

I would go this way about it:

Store which cookies you have set for a user somewhere (db, redis, whatever). This way you will know which cookies the user has. Then when a request to invalidate comes, mark the cookies for that user in your storage as deleted (or something like that). Then every time a user requests your page, check if he has any deleted cookies in your storage. If he has, destroy his session and invalidate his cookies there (setting them in the past, for instance).
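The following is an added example, not code from the original post or from any of the answerers. It puts the procedure in this answer together with the "reference ID plus calculated code" idea from the first answer: the cookie carries only a random session ID signed with an HMAC, the server remembers which IDs it issued to which user, the callback marks them revoked, and each request checks the record and expires the cookie if it is no longer good. The in-memory `$store` array stands in for the real DB/Redis storage, and the cookie name `sid` and the secret key are assumptions.

```php
<?php
// Added example: server-side revocation of cookie-backed sessions.
// $store stands in for your real storage (DB, Redis, ...); the cookie
// name and SECRET_KEY are hypothetical.
declare(strict_types=1);

const COOKIE_NAME = 'sid';
const SECRET_KEY  = 'replace-with-a-random-32-byte-key';  // hypothetical; load from config, not source

// In-memory stand-in for storage: session id => ['user_id' => ..., 'revoked' => bool]
$store = [];

/** Issue a new session for a user and record it server-side. Returns the cookie value. */
function issueSession(array &$store, string $userId): string
{
    $sid = bin2hex(random_bytes(16));
    $store[$sid] = ['user_id' => $userId, 'revoked' => false];
    // Sign the id so a forged or tampered cookie is rejected before any storage lookup.
    $mac = hash_hmac('sha256', $sid, SECRET_KEY);
    return $sid . '.' . $mac;
}

/** Called when the callback with the user ID arrives: mark every session of that user revoked. */
function revokeUser(array &$store, string $userId): int
{
    $count = 0;
    foreach ($store as $sid => &$row) {
        if ($row['user_id'] === $userId && !$row['revoked']) {
            $row['revoked'] = true;
            $count++;
        }
    }
    unset($row);  // break the reference left by foreach
    return $count;
}

/** Validate a cookie value: signature first, then the server-side record. Returns the user id or null. */
function resolveCookie(array $store, ?string $cookie): ?string
{
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$sid, $mac] = explode('.', $cookie, 2);
    $expected = hash_hmac('sha256', $sid, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {
        return null;  // bad signature: never touch storage for it
    }
    $row = $store[$sid] ?? null;
    if ($row === null || $row['revoked']) {
        return null;  // unknown or revoked session
    }
    return $row['user_id'];
}

/** Per-request check: an unknown or revoked cookie ends the PHP session and expires the cookie. */
function enforceOnRequest(array $store): ?string
{
    $userId = resolveCookie($store, $_COOKIE[COOKIE_NAME] ?? null);
    if ($userId === null && isset($_COOKIE[COOKIE_NAME])) {
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
        // Overwrite the client's cookie with one whose expiry lies in the past.
        setcookie(COOKIE_NAME, '', time() - 3600, '/', '', true, true);
        unset($_COOKIE[COOKIE_NAME]);
    }
    return $userId;
}

// Walk-through with constructed data (no browser involved):
$cookie = issueSession($store, 'user-42');       // step 1: user visits, cookie issued
var_dump(resolveCookie($store, $cookie));         // still valid
var_dump(revokeUser($store, 'user-42'));          // step 3: callback arrives
var_dump(resolveCookie($store, $cookie));         // same cookie is now useless
var_dump(resolveCookie($store, 'abc.deadbeef'));  // forged value, rejected by the HMAC
```

In a real request handler you would call `enforceOnRequest($store)` before any authenticated work; the HMAC check means a guessed or tampered cookie is rejected without a storage lookup, and the revocation flag means the server decides whether the cookie still grants anything, which is what "invalidating" it amounts to.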



Answer 3:

A cookie lives on the client side; you can do nothing with it on the server side. However, if your "After some time" means the cookie should expire after some time, you should set the expiry time when you set the cookie. You don't need to worry about whether the user is still on his page or not, because if he leaves and accesses it again after some time, the browser will deal with it for you.

For example, the code below shows how to set a cookie which should expire after 1 hour.

$value = 'something from somewhere';

setcookie("TestCookie", $value);                           /* no expiry: deleted when the browser closes */
setcookie("TestCookie", $value, time()+3600);              /* expire in 1 hour */
setcookie("TestCookie", $value, time()+3600, "/~rasmus/", "example.com", 1);  /* 1 hour, limited to that path and domain, HTTPS only */