ID: 35975 User updated by: waitman at waitman dot net Reported By: waitman at waitman dot net Status: Closed Bug Type: Feature/Change Request Operating System: Linux PHP Version: 4.4.1 New Comment:
whoa. it's been a while. ;-) excellent, thanks! Previous Comments: ------------------------------------------------------------------------ [2008-12-11 01:21:59] [EMAIL PROTECTED] This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2008-11-27 10:20:42] odbc3 at hotmail dot com The setcookie() is working fine in 5.2.6 on windows and Linux. The session_start() is still without hyphens in the date. Mobile phones such as the Sony Erricson K800 or K850 will ignore the cookie if there is no hyphen. A bug fix is crucial to provide correct operation of websites for mobiles. ------------------------------------------------------------------------ [2006-01-12 01:32:45] waitman at waitman dot net Description: ------------ Both the session_set_cookie_params() and setcookie() functions output dates in the format: Wdy, DD Mon YY HH:MM:SS GMT Which appears to be correctly parsed in browsers such as MSIE and Mozilla/Firefox. However, I have noticed that some of the popular Mobile Client Web Browsers (such as OpenWave) do not parse the date properly and set the "expires" value to the end of the current session, regardless of the "expires" value intended. According to RFC 2109, the "expires" value is obsolete and replaced with "max-age" (which is not set by either function listed above). But it does state that browser vendors should be aware that the "Expires" tag may be used as defined by the original Netscape proposal. The original Netscape proposal states the following about the Expire value: "The date string is formatted as: Wdy, DD-Mon-YYYY HH:MM:SS GMT This is based on RFC 822, RFC 850, RFC 1036, and RFC 1123, with the variations that the only legal time zone is GMT and the separators between the elements of the date must be dashes." My opinion is that either the PHP functions should use the "Max Age" value (with an integer indicating number of seconds) per the RFC or the date format returned should have the dash between the day, month and year. Reproduce code: --------------- <?php $time=mktime(1,1,1,3,9,2008); setcookie("foo", "bar", $time, "/", ".example.com", 0); // and session_set_cookie_params ( 10000, "/", ".nodemap.com", 0); session_start(); ?> Expected result: ---------------- 200 OK Set-Cookie: foo=bar; expires=Sun, 09-Mar-2008 09:01:01 GMT; path=/; domain=.example.com Set-Cookie: PHPSESSID=e5e7ea79f6450d219c7471e559a29bab; expires=Thu, 12-Jan-2006 03:16:47 GMT; path=/; domain=.example.com Actual result: -------------- 200 OK Set-Cookie: foo=bar; expires=Sun, 09 Mar 2008 09:01:01 GMT; path=/; domain=.example.com Set-Cookie: PHPSESSID=e5e7ea79f6450d219c7471e559a29bab; expires=Thu, 12 Jan 2006 03:16:47 GMT; path=/; domain=.example.com ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=35975&edit=1