Avatar of APD Toronto
APD Toronto
Flag for Canada asked on

Cookie Expiry In PHP

Hi Experts,

I am having trouble setting the cookie expiry in PHP.

I have tried
        $lifetime = (60 * $env['timeout_minutes']); //in seconds
        setcookie('CRM', '', $lifetime, '/', $env['domain'], TRUE, FALSE);

Open in new window


and

        $lifetime = time() - (60 * $env['timeout_minutes']); //in seconds
session_set_cookie_params($lifetime, '/', $env['domain'], TRUE, FALSE);

Open in new window


$env['timeout_minutes'] is set to 60 elsewhere.
PHP

Avatar of undefined
Last Comment
APD Toronto

8/22/2022 - Mon
Dave Baldwin

Cookie expiration is done by setting the time to 0 or negative.  Note that expiration is actually done by the browser after it receives the cookie from the server.

http://php.net/manual/en/function.setcookie.php

Session time-outs are determined on a shared server by the lowest timeout value which is by default 1440 seconds.  It is not generally recommend that you try to change the session timeout values because they are shared by everyone on the server.

http://php.net/manual/en/function.session-set-cookie-params.php
Dave Baldwin

Note that when you expire a cookie, you need to use Exactly the same parameters that were used to set it except for the 'value' and 'time-out'.  Everything else must be Exactly the same or it will not match what the browser data is for that cookie.
SOLUTION
Julian Hansen

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
APD Toronto

ASKER
I changed my code slightly to

<?php

//This is the model file for the current module.

    $cookie = array();
    $cookie['name'] = 'CRM';
    $cookie['value'] = '';
    $cookie['timeout_minutes'] = $env['timeout_minutes'];
    $cookie['path'] = '/';
    $cookie['domain'] = $env['domain'];

    $cookie['secure'] = FALSE;
    if ($env['force_ssl']){ $cookie['secure'] = TRUE;  }

    $cookie['httponly'] = TRUE;

class Login{
    
    public static function verify_login(){
        
        global $cookie;
    
//        self::logout(); //destroy previous sessions.
        
        $lifetime = time() + (60 * $cookie['timeout_minutes']); //in seconds
        setcookie($cookie['name'], $cookie['value'], $lifetime, $cookie['path'], 
                  $cookie['domain'], $cookie['secure'], $cookie['httponly']);

        print_variable($cookie, 'cookie');
        die();

Open in new window


The output for line 29 is
=========START=========
cookie
Array
(
    [name] => CRM
    [value] => 
    [timeout_minutes] => 60
    [path] => /
    [domain] => 192.168.2.200
    [secure] => 
    [httponly] => 1
)

=========END=========

Open in new window


However, Chrome is showing

Cookie-Chrome.JPG
As you can see it is not accepting the cookie name and expiry.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Julian Hansen

Why are we looking at a screen shot of the PHP Session ID cookie?
ASKER CERTIFIED SOLUTION
Dave Baldwin

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
APD Toronto

ASKER
Why are we looking at a screen shot of the PHP Session ID cookie?

...Because, that is the only cookie under 192.168.2.200
APD Toronto

ASKER
With setting the value, I now see my CRM cookie as well, but why PHPSESSID is still being created?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Dave Baldwin

PHPSESSID is created with session_start() on some page and only gets deleted when you close your browser completely meaning all open windows and the program itself.
APD Toronto

ASKER
Thank you!