Doc Bug #23835 setcookie doc out of date
Submitted: 2003-05-27 11:25 UTC Modified: 2003-05-28 11:13 UTC
From: kruemelmonster at cookiecan dot de Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4.3.2RC4 OS:
Private report: No CVE-ID: None
 [2003-05-27 11:25 UTC] kruemelmonster at cookiecan dot de
the documentation of setcookie() suffers major inconsistencies.


from the setcookie() man page:

--------------------------------------------
expire:
The time the cookie expires. This is a unix timestamp so is in number of seconds since the epoch. In otherwords, you'll most likely set this with the time() function plus the number of seconds before you want it to expire. Or you might use mktime(). 
--------------------------------------------

refers to the old netscape-spec http://www.netscape.com/newsref/std/cookie_spec.html 
which clearly states: 

--------------------------------------------
expires=DATE 
The expires attribute specifies a date string that defines the valid life time of that cookie. Once the expiration date has been reached, the cookie will no longer be stored or given out. 
The date string is formatted as: 

Wdy, DD-Mon-YYYY HH:MM:SS GMT
This is based on RFC 822, RFC 850, RFC 1036, and RFC 1123,... [snip]
--------------------------------------------

unix_ts <?> datestring?    what gives?

please also consider the new specs published by the ietf:
http://www.ietf.org/rfc/rfc2109.txt
http://www.ietf.org/rfc/rfc2965.txt 
as posted by a user, implementing 'max-age'. 
 
either remove the explanation completely or correct it with a list of the type:

expires:
   - unix_ts
   - datestring
and you might want to include max_age


thanx


 [2003-05-27 12:11 UTC] et@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

The parameter you pass to setcookie() as a timestamp gets converted to a date as specified by the rfc automatically. And there is nothing wrong with using the netscape specification, it is supported by the broadest range of browsers.
 [2003-05-27 12:23 UTC] goba@php.net
I don't agree that this is not a bug. The reference refers to the Netscape info, and there the expiration date is a string. This time->string conversion is done by PHP however. This is not documented. Also some links to the new RFCs would be good. They are more official than the Netscape docs. Even if we don't support all of the options fully.

BTW the question that the setcookie function needs a maxage parameter is a feature request, please open another bug as a feature request for that.
 [2003-05-27 12:59 UTC] et@php.net
The documentation tells the user correctly how to use setcookie(). IMHO, he doesn't need to know about RFC822 dates - in fact, it doesn't help him at all. I'm not against adding a note in the manual page, but I consider it unnecessary, especially since the Netscape document which states that the time in the header is a RFC822 date string is linked for those who are interested in the internals, but the average PHP user is not.
 [2003-05-27 14:22 UTC] goba@php.net
The text says: "The following table explains each parameter of the setcookie() function, be sure to read the Netscape cookie specification for specifics." Then the table says that the user needs to use an integer for the time. That is inconsistent, as there is no note that the time is converted automatically.

Linking to the RFC instead of the Netscape docs is also more "standard".
 [2003-05-28 10:19 UTC] et@php.net
Linking to the RFC instead of the Netscape docs would be wrong, because PHP implements the Netscape version and not RFC 2109 or RFC 2965.
And if the PHP Manual says you pass the expires argument as an integer, and the netscape docs say the expires attribute is a RFC822 Date String, it's imho obvious that it gets autoconverted. Maybe "specifics" should be changed into "internals", if you think that is more appropriate...
 [2003-05-28 11:13 UTC] philip@php.net
This is now documented and will show up during the next manual build, thanks for the report :)

http://cvs.php.net/cvs.php/phpdoc/en/reference/http/functions/setcookie.xml

Too much information won't hurt anyone here, should be clearer now :)
 [2003-06-02 07:30 UTC] kruemelmonster at cookiecan dot de
thanks for considering and discussing this minor issue!
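
The timestamp-to-date-string conversion discussed in this thread, as an added example that is not part of the original report and not PHP's own source. It also derives the RFC 2109 `Max-Age` value the reporter mentions; `build_set_cookie()`, the cookie name and the sample timestamps are assumptions made for illustration.

```php
<?php
// Added illustration; build_set_cookie() is a hypothetical helper, not PHP's internal code.

/**
 * Build a Set-Cookie header value from an integer Unix timestamp.
 * $expire = 0 means a session cookie: no expiry attribute is sent.
 * $now is injectable so the output is reproducible.
 */
function build_set_cookie(string $name, string $value, int $expire = 0, ?int $now = null): string
{
    // Reject names containing separators or whitespace (including CR/LF),
    // which would corrupt the header line.
    if ($name === '' || preg_match('/[=,;\s]/', $name)) {
        throw new InvalidArgumentException('invalid cookie name');
    }
    $now = $now ?? time();
    $header = $name . '=' . rawurlencode($value);

    if ($expire !== 0) {
        // Netscape form: Wdy, DD-Mon-YYYY HH:MM:SS GMT (always GMT, never local time).
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expire) . ' GMT';
        // RFC 2109 form: lifetime in seconds relative to now; a past timestamp becomes 0.
        $header .= '; Max-Age=' . max(0, $expire - $now);
    }
    return $header;
}

// Constructed sample values.
$now = 1054034700; // 2003-05-27 11:25:00 UTC
echo build_set_cookie('session_hint', 'abc 123', $now + 3600, $now), "\n"; // one hour lifetime
echo build_set_cookie('session_hint', 'abc 123', 0, $now), "\n";           // session cookie
echo build_set_cookie('session_hint', '', $now - 3600, $now), "\n";        // already expired
```

Because the `expires` string is an absolute GMT date while `Max-Age` is a relative number of seconds, only the former depends on the client's clock being correct.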
 