PHP Cook-ies Max-Age WRONG!? - GoFuckYourself.com

mryellow · 08-14-2004, 09:36 PM

PHP's setcookie function seems to be wrong....

It used to be that you'd set cookies based on a GMT general date
format. However this wasn't affective as there is no way you can
set a client to expire based on the server time as there is little
chance of them being the same.

So the standard was changed to "Max-Age" being "Seconds till
expire". However the PHP manual states that it's "Seconds since
Epoch (1/1/1970)". Which still creates the client/server conflict in
time settings.

Is the PHP manual wrong?
or
Is PHP wrong?
or
Is does it work as it should?
Meaning you just set the number of seconds to expiry.

-Ben

Intrigue · 08-14-2004, 09:51 PM

try time()+$secs

mryellow · 08-14-2004, 09:55 PM

From what I can figure out the PHP manual is flat-out wrong.

There are a crapload of people coming up with all kinds of stupid
methods to work around the "problem" when the only real
problem is the manual is wrong.

-Ben

mryellow · 08-14-2004, 09:59 PM

try time()+$secs is wrong.

time() is on the server. The cookie is expiring on the client.

How can you set the expiry based on Epoch if the server and
client time are not exactly the same.... You can't... Thus they
changed the specifications and instead of using "Expires" (GMT
general date) they now use "Max-Age" (seconds TILL EXPIRY)....
Whereas the manual states it is "seconds since Epoch" which is
wrong.

There are crap-loads of ppl writting all sorts of stupid functions to
properly handle this when the only real problem is the manual
has false information.

It seems this false information is so well spread that netscape
even accounts for it and will use either the correct or incorrect
method for expiry time by checking the server time against that of
the client. However I believe this is the only browser which does
such. Man there must be a LOT of people out there with incorrect
cookie code.

-Ben

Intrigue · 08-14-2004, 10:16 PM

has always worked fine for me...

mryellow · 08-14-2004, 10:19 PM

If you're setting a time well in the future you will not notice.

-Ben

08-14-2004, 09:36 PM	#1
mryellow Confirmed User Industry Role: Join Date: May 2001 Location: Australia Posts: 934	PHP Cook-ies Max-Age WRONG!? PHP's setcookie function seems to be wrong.... It used to be that you'd set cookies based on a GMT general date format. However this wasn't affective as there is no way you can set a client to expire based on the server time as there is little chance of them being the same. So the standard was changed to "Max-Age" being "Seconds till expire". However the PHP manual states that it's "Seconds since Epoch (1/1/1970)". Which still creates the client/server conflict in time settings. Is the PHP manual wrong? or Is PHP wrong? or Is does it work as it should? Meaning you just set the number of seconds to expiry. -Ben __________________ Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post.

08-14-2004, 09:55 PM	#3
mryellow Confirmed User Industry Role: Join Date: May 2001 Location: Australia Posts: 934	From what I can figure out the PHP manual is flat-out wrong. There are a crapload of people coming up with all kinds of stupid methods to work around the "problem" when the only real problem is the manual is wrong. -Ben __________________ Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post.

08-14-2004, 09:59 PM	#4
mryellow Confirmed User Industry Role: Join Date: May 2001 Location: Australia Posts: 934	try time()+$secs is wrong. time() is on the server. The cookie is expiring on the client. How can you set the expiry based on Epoch if the server and client time are not exactly the same.... You can't... Thus they changed the specifications and instead of using "Expires" (GMT general date) they now use "Max-Age" (seconds TILL EXPIRY).... Whereas the manual states it is "seconds since Epoch" which is wrong. There are crap-loads of ppl writting all sorts of stupid functions to properly handle this when the only real problem is the manual has false information. It seems this false information is so well spread that netscape even accounts for it and will use either the correct or incorrect method for expiry time by checking the server time against that of the client. However I believe this is the only browser which does such. Man there must be a LOT of people out there with incorrect cookie code. -Ben __________________ Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post.

08-14-2004, 10:19 PM	#6
mryellow Confirmed User Industry Role: Join Date: May 2001 Location: Australia Posts: 934	If you're setting a time well in the future you will not notice. -Ben __________________ Cyberwurx Hosting After trying 5 different hosts, I found the best. Since 1997 I've had 2 hours of downtime. Fast support, great techs, no hype, no gimmicks. <- I in no way endorse whatever just got stuck on the left of my post.

08-14-2004, 09:51 PM	#2
Intrigue Confirmed User Join Date: Feb 2004 Location: Ohio, US Posts: 662	try time()+$secs

08-14-2004, 10:16 PM	#5
Intrigue Confirmed User Join Date: Feb 2004 Location: Ohio, US Posts: 662	has always worked fine for me...