Description:
------------
Both the session_set_cookie_params() and setcookie() functions output dates in the format:

Wdy, DD Mon YY HH:MM:SS GMT

Which appears to be correctly parsed in browsers such as MSIE and Mozilla/Firefox. However, I have noticed that some of the popular Mobile Client Web Browsers (such as OpenWave) do not parse the date properly and set the "expires" value to the end of the current session, regardless of the "expires" value intended.

According to RFC 2109, the "expires" value is obsolete and replaced with "max-age" (which is not set by either function listed above). But it does state that browser vendors should be aware that the "Expires" tag may be used as defined by the original Netscape proposal.

The original Netscape proposal states the following about the Expire value:

"The date string is formatted as:

    Wdy, DD-Mon-YYYY HH:MM:SS GMT

This is based on RFC 822, RFC 850, RFC 1036, and RFC 1123, with the variations that the only legal time zone is GMT and the separators between the elements of the date must be dashes."


My opinion is that either the PHP functions should use the "Max Age" value (with an integer indicating number of seconds) per the RFC or the date format returned should have the dash between the day, month and year.



Reproduce code:
---------------
<?php

$time=mktime(1,1,1,3,9,2008);
setcookie("foo", "bar", $time, "/", ".example.com", 0);

// and

session_set_cookie_params ( 10000, "/", ".nodemap.com", 0);
session_start();

?>

Expected result:
----------------
200 OK
Set-Cookie: foo=bar; expires=Sun, 09-Mar-2008 09:01:01 GMT; path=/; domain=.example.com
Set-Cookie: PHPSESSID=e5e7ea79f6450d219c7471e559a29bab; expires=Thu, 12-Jan-2006 03:16:47 GMT; path=/; domain=.example.com


Actual result:
--------------
200 OK
Set-Cookie: foo=bar; expires=Sun, 09 Mar 2008 09:01:01 GMT; path=/; domain=.example.com
Set-Cookie: PHPSESSID=e5e7ea79f6450d219c7471e559a29bab; expires=Thu, 12 Jan 2006 03:16:47 GMT; path=/; domain=.example.com