|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #43439 PHP Cookie expiration (2)
Submitted: 2007-11-28 10:57 UTC Modified: 2013-04-16 19:41 UTC
From: bnies at bluewin dot ch Assigned: yohgaki (profile)
Status: Closed Package: Session related
PHP Version: 5.2.5 OS: Solaris 9
Private report: No CVE-ID: None
 [2007-11-28 10:57 UTC] bnies at bluewin dot ch
Concerning Bug #43226 because it was set to 'bogus' and additional comments are not allowed.

First: I did not ask for support.

The issue I submitted is concerning the HTTP headers that the PHP function session_unregister() sends to the browser.

My suggestion was to send Cookie Expires and Cookie Max-Age together when unregistering a PHP session to make sure that even with broken proxy or browser implementations the session gets terminated.

This problem came across a broken proxy implementation that only treated the Max-Age option and ignored the Expires option and then sent the session cookie with the value 'deleted' back to the PHP application which then treated it as a valid session.


I don't mess with computer's time but some internet users might do this and change the date to use expired software licenses. I don't know if the PHP application or PHP itself sets the cookie expires date to one year in the past. Maybe setting it to 1 January 1980 00:00 GMT is the safest way.



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-08 21:30 UTC]
-Package: Feature/Change Request +Package: *General Issues
 [2011-04-08 21:30 UTC]
-Package: *General Issues +Package: Session related
 [2012-03-31 03:28 UTC]
Sounds reasonable
 [2012-03-31 03:28 UTC]
-Assigned To: +Assigned To: yohgaki
 [2013-01-15 08:10 UTC] narf at bofh dot bg
This has been fixed via the following pull request:
 [2013-04-16 19:41 UTC]
setcookie() has changed
 [2013-04-16 19:41 UTC]
-Status: Assigned +Status: Closed
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Aug 13 00:05:43 2022 UTC