I've found that if I set a cookie with no expiration value and then create another cookie, the first cookie seems to be destroyed. Is this because a new session is created or is it because it is another request?
I've resolved my 'problem' by actually setting an expiration time, but I'm just curious to know what is actually happening when the second cookie is being created.
setcookie('cookieA', 'stuff', null, '/');
setcookie('cookieB', 'stuff', time() + 1200, '/');
$expire_time has it's own role in function setcookie and if it's less than now the cookie is deleted. There's no way not to set an expiration time or set it to null. It's simply a specification of cookies to achieve an expiration time (http://www.faqs.org/rfcs/rfc2965.html).
If you want the cookie to last forever, just set it to enormously huge number
Good Luck. :)
Related
I am new to php , I came across cookie and persistent cookie and i understand the difference between them.My question is that how can i make cookie persistent or temporary.I found only one syntax for cookies
<?php
setcookie("user", "Alex Porter", time()+3600);
?>
Thanks
Phisically speaking, there is only one kind of cookie. You can make it persistent by choosing a large enough expiration time. If the expiration time is set to 0, the cookie will last only until your page is opened in the browser.
Your example cookie is persistent, it expires in one hour.
Here is a link with a short explanation.
Most likely you can hardly access the phisical cookie on your hard disk, because borwsers store them in their internal logic. For example Firefox store cookies in a local SQLite database file in the browser's profile folder.
When creating a cookie, 3rd argument (time()+3600 in your example) specifies cookie's expiry date.
time()+3600 means now+3600 seconds, which is 1 hour in the future. Time() function returns current time (unix time) in seconds.
There is no such thing as a really permanent cookie, more like expiring far in the future cookie.
I have heard many times that a session get destroy as our browser close.
Then how I keep logged in after closing and reopening my browser.
Please help
You keep login because your sessions are not destroyed even when the browser is closed. Sessions destroying on the closing of the browser is default behaviour but but this does not mean its the only behaviour. You can extend the expiry time of session.
This behaviour can be changed in the php.ini file by altering the line:
Keeping a session alive indefinitely
session.cookie_lifetime = 0
So just check when you have set the expiry time for the sessions. Although using cookies will be a good option
Note:- Remember to restart your web server after making this change.
You have to use Cookies.
You can use the setcookie() function and read the value with the $_COOKIE['cookiename'] variable.
Use cookies, with a predefined expire time, I like 1 year
You can use cookies. Cookies are data that is stored directly on the HDD so that even if the browser was closed, cookies still can be read if it haven't expired yet.
Here is an example of setting up a cookie.
Paste this code BEFORE the tag.
<?php setcookie("$name", "$value", $time); ?>
Where $name is the cookie name, $value is the cookie value and $time is the time when your cookie will be expired. For example $time = time()+86400; will set your cookie to expire after 1 day. The 86400 value is the number of seconds in a day, 60seconds times 60minutes times 24hours, so 60x60x24 = 86400.
I want to destroy the cookie by the php condition but i have not got anything to do that after the lots of research on the google and php manual . i have read at some place that setcookie('cookie_name'); but it just erase the cookie so my question is that how to destroy cookie by php ?
When deleting a cookie you should assure that the expiration date is in the past, to trigger the removal mechanism in your browser
setcookie ("cookie_name", "", time() - 3600); // set the expiration date to one hour ago
Manual.
There is no way to erase a cookie in PHP perse. What setcookie("cookie_name"); does is it instructs the browser to keep the cookie untill now, meaning that it can clean it up (you normally give it a date sometime in the future).
You can not force a cookie to be deleted.
If you need better control over what data is kept in the current session use server-side session storage. Keep only the session_id in the cookie.
Destroying cookies is upto the browser however you can remove a cookie (which is the same for your app) by setting the date in the past:
setcookie($cookie_name, "", 1);
Most set the time to 1970.
Ha! #MikeBrant makes a good point. Since PHP can't understand if setcookie was done to remove a cookie $_COOKIE is still set after issuing this command so you have to unset it.
A cookie isn't being set on my computer. It works locally but not live. I only want the cookie to exist for 20 minutes. The only reason I can think of that it won't work is because the server is in the states. I am x hours ahead. Thus the cookie set time is already expired. Is this correct?
setcookie($cookiename, $cookie, time() + 1200);
If the server time is 6am and my time is 12pm. Would the cookie be set to expire at 6:20am or 12:20pm?
If it is the former, how do I set the cookie expiry time based on the users local time? If it is the later I will do some more trouble shooting on Monday.
I've had a similar problem in the past, the advice I was always given is to make sure cookies (if set in different time zones) have an expiration of a minimum of 25 hours. This enables anyone anywhere to utilise the cookie. In alot of cases an invalid cookie = no access = a big deal.
Modern computing has made reservations for this, and synchronised time will make sure cookies are always set in the users local time. That said, exceptions are still to be found.
20 minutes is a very short time to enable a cookie, consider increasing it. If the cookie is still not set locally, I would assume your browser has blocked incoming cookies from the server.
The time() function will get the server time, but I believe Cookies use GMT time.
Easiest way to get the GM time from PHP is to use:
<?php
$gmtime = gmdate('U');
?>
So you'd set the cookie like this:
setcookie($cookiename, $cookie, gmdate('U') + 1200);
Is session_start() supposed to extend the life of the session ID cookie by the session.gc_maxlifetime variable?
My session.gc_maxlifetime is 24 minutes, and each session is only living 24 minutes regardless of additional activity on the site. I get my session, refresh the page, and the expiration time does not change. This results in a logout after 24 minutes of login, no matter what. Is there something wrong with my configuration?
I had problem with this too. I was thinking that each
session_set_cookie_params($sessionTime, '/', $domain);
session_start();
causes that expiration time for cookie PHPSESSID is extended. But really cookie PHPSESSID is set by session_start() only first time in session when new session id is generated.
My goal was that session expiration time should regenerate each time a page was opened. I figured out that session can expire because of two reasons:
Cookie PHPSESSID expires, and its expiration time isn't regenerated by session_start(), so session will always expire because of cookie with expiration time.
No activity of user will cause that session will expire on server side. It is set by ini_set('session.gc_maxlifetime', $sessionTime).
Solution in this case is when you won't set expiration time for cookie, but session.gc_maxlifetime is still set:
function my_session_start($maxtime = 300)
{
ini_set('session.gc_maxlifetime', $maxtime);
session_set_cookie_params(0, '/', "." . $domain);
session_start();
}
Most important is 0 in session_set_cookie_params(0, '/', "." . $domain) then cookie won't expire and there is no need to extend its expiration time. This cookie will be removed when browser is closed. Then we are limited only by time which expires on server side.
I had also problems with that I couldn't extend PHP session time by jQuery Ajax PINGs because of that I had set expiration time for PHPSESSID in cookie. 0 resolves all problems with not expected ends of sessions. Sorry for my English. Good luck.
I've noticed this behavior in PHP and tried every configuration on PHP but no luck so far.
My sessions were dying on exact time from first session_start(), lookig at cookie lifetime, it was not renewing its expiry time.
My application already has an important client count, about 60 connections per second, so the GC was hit every 1.5s (i guess).
My solution for cookie time not extending was something like this (It may seem not to elegant, but worked for me).
function my_session_start($maxtime = 300){
// $maxtime = 300 for 5 minutes
session_start( [ 'gc_maxlifetime' => $maxtime ] );
$_sess_name = session_name();
$_sess_id = session_id();
setcookie( $_sess_name, $_sess_id, time() + $maxtime, '/' );
}
It's my particular solution, as the question says "session ID cookie". May not be the optimal, but indeed it works for me!
I think this post will provide the solution you are looking for: Session timeouts in PHP: best practices
Basically, when session_start() is called, there is a 1% probability (by default) that the garbage collector will be run. When the garbage collector is run it scans for and deletes expired sessions. However, when you are the only user accessing the page (which you probably are, during development) or there are very few users, the garbage collector will only run when you access a page. This happens AFTER session_start() is called, effectively resetting the timer. Instead of trying to work around this, just implement your own session_start() function which enforces the timeout. Try the function that the #Glass Robot posted, in the link I gave you above.