php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #23955 setcookie(): max-age needed [to comply with rfc]
Submitted: 2003-06-02 07:51 UTC Modified: 2013-01-06 02:24 UTC
Votes:13
Avg. Score:4.5 ± 0.6
Reproduced:11 of 11 (100.0%)
Same Version:2 (18.2%)
Same OS:2 (18.2%)
From: kruemelmonster at cookiecan dot de Assigned: lstrojny (profile)
Status: Closed Package: *General Issues
PHP Version: 4.3.2 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: kruemelmonster at cookiecan dot de
New email:
PHP Version: OS:

 

 [2003-06-02 07:51 UTC] kruemelmonster at cookiecan dot de 
based on the discussion in #23835, I file here that the function setcookie() should include the missing paramenter 'max-age'.

max-age is defined in:
http://www.ietf.org/rfc/rfc2109.txt
http://www.ietf.org/rfc/rfc2965.txt 
which both are referenced in the documentation of the setcookie() - func itself.

max-age has become more and more important, because it removes the timezone-issue from the former way of timestamping cookie expiration dates.


thanks for considering. 

-----

here's some detail taken from the rfc-specs:


Max-Age=value

  OPTIONAL.  The value of the Max-Age attribute is delta-seconds, the lifetime of the cookie in seconds, a decimal non-negative integer.  To handle cached cookies correctly, a client SHOULD calculate the age of the cookie according to the age calculation rules in the HTTP/1.1 specification [RFC2616].  When the age is greater than delta-seconds seconds, the client SHOULD discard the       cookie.  A value of zero means the cookie SHOULD be discarded immediately.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-25 09:35 UTC] jpauli@php.net
-Package: Feature/Change Request +Package: *General Issues
 [2012-10-25 09:35 UTC] jpauli@php.net 
The timezone is not an issue as dates are GMT based anyway.
However, the issue shows up when the client UA has a wrong local time set.
 [2013-01-06 02:24 UTC] lstrojny@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: lstrojny
 [2013-01-06 02:24 UTC] lstrojny@php.net 
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Merged in 5.5 and master.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 12:01:29 2024 UTC