php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #23955 setcookie(): max-age needed [to comply with rfc]
Submitted: 2003-06-02 07:51 UTC Modified: 2013-01-06 02:24 UTC
Votes:13
Avg. Score:4.5 ± 0.6
Reproduced:11 of 11 (100.0%)
Same Version:2 (18.2%)
Same OS:2 (18.2%)
From: kruemelmonster at cookiecan dot de Assigned: lstrojny
Status: Closed Package: *General Issues
PHP Version: 4.3.2 OS:
Private report: No CVE-ID:
 [2003-06-02 07:51 UTC] kruemelmonster at cookiecan dot de
based on the discussion in #23835, I file here that the function setcookie() should include the missing paramenter 'max-age'.

max-age is defined in:
http://www.ietf.org/rfc/rfc2109.txt
http://www.ietf.org/rfc/rfc2965.txt 
which both are referenced in the documentation of the setcookie() - func itself.

max-age has become more and more important, because it removes the timezone-issue from the former way of timestamping cookie expiration dates.


thanks for considering. 

-----

here's some detail taken from the rfc-specs:


Max-Age=value

  OPTIONAL.  The value of the Max-Age attribute is delta-seconds, the lifetime of the cookie in seconds, a decimal non-negative integer.  To handle cached cookies correctly, a client SHOULD calculate the age of the cookie according to the age calculation rules in the HTTP/1.1 specification [RFC2616].  When the age is greater than delta-seconds seconds, the client SHOULD discard the       cookie.  A value of zero means the cookie SHOULD be discarded immediately.



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-25 09:35 UTC] jpauli@php.net
-Package: Feature/Change Request +Package: *General Issues
 [2012-10-25 09:35 UTC] jpauli@php.net
The timezone is not an issue as dates are GMT based anyway.
However, the issue shows up when the client UA has a wrong local time set.
 [2013-01-06 02:24 UTC] lstrojny@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: lstrojny
 [2013-01-06 02:24 UTC] lstrojny@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Merged in 5.5 and master.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 13:01:59 2014 UTC