Edit report at https://bugs.php.net/bug.php?id=23955&edit=1
ID: 23955 Updated by: jpa...@php.net Reported by: kruemelmonster at cookiecan dot de Summary: setcookie(): max-age needed [to comply with rfc] Status: Open Type: Feature/Change Request -Package: Feature/Change Request +Package: *General Issues PHP Version: 4.3.2 Block user comment: N Private report: N New Comment: The timezone is not an issue as dates are GMT based anyway. However, the issue shows up when the client UA has a wrong local time set. Previous Comments: ------------------------------------------------------------------------ [2003-06-02 07:51:37] kruemelmonster at cookiecan dot de based on the discussion in #23835, I file here that the function setcookie() should include the missing paramenter 'max-age'. max-age is defined in: http://www.ietf.org/rfc/rfc2109.txt http://www.ietf.org/rfc/rfc2965.txt which both are referenced in the documentation of the setcookie() - func itself. max-age has become more and more important, because it removes the timezone-issue from the former way of timestamping cookie expiration dates. thanks for considering. ----- here's some detail taken from the rfc-specs: Max-Age=value OPTIONAL. The value of the Max-Age attribute is delta-seconds, the lifetime of the cookie in seconds, a decimal non-negative integer. To handle cached cookies correctly, a client SHOULD calculate the age of the cookie according to the age calculation rules in the HTTP/1.1 specification [RFC2616]. When the age is greater than delta-seconds seconds, the client SHOULD discard the cookie. A value of zero means the cookie SHOULD be discarded immediately. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=23955&edit=1