|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #23955 setcookie(): max-age needed [to comply with rfc]
Submitted: 2003-06-02 07:51 UTC Modified: 2013-01-06 02:24 UTC
Avg. Score:4.5 ± 0.6
Reproduced:11 of 11 (100.0%)
Same Version:2 (18.2%)
Same OS:2 (18.2%)
From: kruemelmonster at cookiecan dot de Assigned: lstrojny
Status: Closed Package: *General Issues
PHP Version: 4.3.2 OS:
Private report: No CVE-ID:
 [2003-06-02 07:51 UTC] kruemelmonster at cookiecan dot de
based on the discussion in #23835, I file here that the function setcookie() should include the missing paramenter 'max-age'.

max-age is defined in: 
which both are referenced in the documentation of the setcookie() - func itself.

max-age has become more and more important, because it removes the timezone-issue from the former way of timestamping cookie expiration dates.

thanks for considering. 


here's some detail taken from the rfc-specs:


  OPTIONAL.  The value of the Max-Age attribute is delta-seconds, the lifetime of the cookie in seconds, a decimal non-negative integer.  To handle cached cookies correctly, a client SHOULD calculate the age of the cookie according to the age calculation rules in the HTTP/1.1 specification [RFC2616].  When the age is greater than delta-seconds seconds, the client SHOULD discard the       cookie.  A value of zero means the cookie SHOULD be discarded immediately.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-10-25 09:35 UTC]
-Package: Feature/Change Request +Package: *General Issues
 [2012-10-25 09:35 UTC]
The timezone is not an issue as dates are GMT based anyway.
However, the issue shows up when the client UA has a wrong local time set.
 [2013-01-06 02:24 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: lstrojny
 [2013-01-06 02:24 UTC]
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.

Merged in 5.5 and master.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sat Nov 28 05:01:34 2015 UTC