I was creating my website when I created a new cookie with this php line :
setcookie('subscribed', 'true', time() + 365*24*3600*100, '/', null, false, true);
I realised my browser (Google Chrome) refused to get that cookie. When I looked at my cookies in Google Chrome it wasn't there. I started fiddling with the different settings until I saw that this worked :
setcookie('subscribed', 'true', time() + 365*24*360, '/', null, false, true);
Which meant that changing the expiration time to a lower value did work as a means of making this work.
My question is, what is the lowest expiration time you can set for a cookie in Google chrome? Does anyone know of this policy?
I have just tried that on a 64bit OS with Chrome as a browser and Apache as a server, and it works flawlessly. It shows the cookie's expiration time to be somewhere in the year 2113.
dev-null-dweller is probably right: Any date beyond 03:14:07 UTC on Tuesday, 19 January 2038 will wrap around to some time close to 1900, thus forcing the cookie to immediately disappear (on 32bit platforms, that is).
Work around this by setting cookie expiration times to be no more than 10 years in the future, or so. This is already beyond the reasonably expectable lifetime of any electronic device, which will hold it, anyways.
If someone is trying to understand why Chrome accepts cookie but sets max expire date to be shorter than expected, there was a change in Chrome 104 which sets max expire time to be no more than 400 days.
Limiting expiration date of cookies to 400 days works for expires and max-age js settings as well.
Assume other browsers will follow soon.
I was trying to set 3 years cookie expiration and got strange behavior, as had some cookies valid until 2038, hope this answer will save some time. BTW, for old cookies, set before v104, expiration date is not modified, at least for now.
Related
This is a really odd issue I'm having, and I'm having a hard time figuring out what's going on. Once in awhile, my cookie returns the value "deleted" instead of its proper value. Do any web browsers turn the cookie value to "deleted" if it has expired?
I've done a ton of Google searches and SO searches, and can't find anything like this.
Has anyone seen this before?
Check to ensure that when you call setcookie() you are setting a reasonable expiry time that will ensure that your cookie will not expire while being used.
From the php documentation (trimmed for important parts):
The time the cookie expires. This is a Unix timestamp so is in number
of seconds since the epoch. In other words, you'll most likely set
this with the time() function plus the number of seconds before you
want it to expire.
If set to 0, or omitted, the cookie will expire at the end of the
session (when the browser closes).
EDIT
further down the setcookie() documentation I found this
Cookies must be deleted with the same parameters as they were set
with. If the value argument is an empty string, or FALSE, and all
other arguments match a previous call to setcookie, then the cookie
with the specified name will be deleted from the remote client. This
is internally achieved by setting value to 'deleted' and expiration
time to one year in past.
i.e. it seems that your cookie is somewhere being updated to either an empty string or being set to false.
I am using the helper Sentry::authenticateAndRemember($credentials); to authenticate the user, but after a while (a few days) I get disconnected. The session driver used is the database one.
I investigated the problem and tried to understand how Sentry remembers the authentication of a user.
First, in the sessions table, does anyone know what the payload represents ? I have checked the created cookies and I don't understand why but the expiration date is set for a month later (whereas in the source code it looks like it is set 5 years later).
Also, I have tried to log the user in without remembering him (Sentry::authenticate($credentials, false);) and I get the exact same cookie created, so I don't get disconnected when exiting my browser.
Does anyone have any clue explaining anything that I said ?
I found the solution of my problem, in php.ini the variable session.gc_maxlifetime was set to 1440. This setting specifies the number of seconds after which data will be seen as 'garbage', so after 24 minutes my session was invalidated.
After setting it to 2592000 (30 days) the issue was solved, I hope this will help someone.
In Sentry2 with Laravel 4.1 the Cookie expiration date is in vendor>caralyst>sentry>tests>CICookiesTest.php line 61.
The default being just 1440 seconds, so pretty easy to make that stick for a good bit longer.
This is the YouTube cookies in my browser
f2=8000000&f3=800&f1=50000000&fv=11.1.102
How can I find out Which part of the expiration time.
and Is it possible to be an endless cookie expiration time ?
I think your question can be answered in three different ways depending on what you're exactly asking.
1) The expiration time is not set in the cookie itself, but during the request that the server sends to your browser to save the cookie. If you want to change one of your current cookies to not expire for a very long time, say in 25 years, you would need to check how your browser saves cookies and how to modify them. Google Chrome and Firefox both provide plugins to do this.
2) However, since you reference PHP in your tags, I believe you're asking how to set a cookie to have an expiration date very far in advance using PHP. You would do this with the setcookie() function. For example, you could do something like
setcookie('name_of_cookie', 'value_of_cookie', time()+60*60*24*365*25);
would set a cookie with your values to expire in 25 years.
3) If you want to change a Youtube cookie, or any cookie really, that doesn't belong to your website/domain, you really can't. Most modern web browsers will not allow you to update a cookie from a different domain, to help prevent cross site requests. In other words, you can't change what you don't own.
Browser should respect web site demanding expire time for cookies, but if you are implementing in php, you don't have to care about it.
f2=8000000&f3=800&f1=50000000&fv=11.1.102
There are 4 cookies here, f2, f3, f1 and fv, no expiration info here.
You only have to assign them using curl_setopt
curl_setopt($ch, CURLOPT_COOKIE, "f2=8000000;f3=800;f1=50000000;fv=11.1.102");
As long as you always set them, they are cookies with endless expire time.
A cookie isn't being set on my computer. It works locally but not live. I only want the cookie to exist for 20 minutes. The only reason I can think of that it won't work is because the server is in the states. I am x hours ahead. Thus the cookie set time is already expired. Is this correct?
setcookie($cookiename, $cookie, time() + 1200);
If the server time is 6am and my time is 12pm. Would the cookie be set to expire at 6:20am or 12:20pm?
If it is the former, how do I set the cookie expiry time based on the users local time? If it is the later I will do some more trouble shooting on Monday.
I've had a similar problem in the past, the advice I was always given is to make sure cookies (if set in different time zones) have an expiration of a minimum of 25 hours. This enables anyone anywhere to utilise the cookie. In alot of cases an invalid cookie = no access = a big deal.
Modern computing has made reservations for this, and synchronised time will make sure cookies are always set in the users local time. That said, exceptions are still to be found.
20 minutes is a very short time to enable a cookie, consider increasing it. If the cookie is still not set locally, I would assume your browser has blocked incoming cookies from the server.
The time() function will get the server time, but I believe Cookies use GMT time.
Easiest way to get the GM time from PHP is to use:
<?php
$gmtime = gmdate('U');
?>
So you'd set the cookie like this:
setcookie($cookiename, $cookie, gmdate('U') + 1200);
I have a problem with zend session.If i don't define expire date parameter for session while using it, and i close the browser in firefox the session destroyed.However, in IE it doesn't.
Thanks in advance
There are several parameters that can be manipulated to change the behavior of the PHP session management. These parameters are set in the php.ini file in the section headed [Session].
look for:
session.cookie_lifetime
This parameter holds the life of a session cookie in seconds and is used by PHP when setting the expiry date and time of a cookie. The default value of 0 sets up a session cookie that lasts only while the browser program is running. Setting this value to a number of seconds other than 0 sets up the cookie with an expiry date and time. The expiry date and time of the cookie is set as an absolute date and time, calculated by adding the cookie_lifetime value to the current date and time on the server machine.
[ The actual expiry of the cookie is performed by the browser, which compares the expiry date and time of the cookie with the client machine's date and time. If the date and time are incorrectly set on the client, a cookie might expire immediately or persist longer than expected. ]