Cookie Expiry In PHP

Hi Experts,

I am having trouble setting the cookie expiry in PHP.

I have tried
        $lifetime = (60 * $env['timeout_minutes']); //in seconds
        setcookie('CRM', '', $lifetime, '/', $env['domain'], TRUE, FALSE);

Open in new window


and

        $lifetime = time() - (60 * $env['timeout_minutes']); //in seconds
session_set_cookie_params($lifetime, '/', $env['domain'], TRUE, FALSE);

Open in new window


$env['timeout_minutes'] is set to 60 elsewhere.
APD TorontoAsked:
Who is Participating?
 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
I wrote a test program and put it on one of my domains at http://davidibaldwin.org/CookieExp.php .  The first problem is that apparently you can't set a cookie without a value and you don't have one in your example code.  This is my test program.  You have to run it twice to see the cookies that it sets.  Which is normal.
<?php

$cookie = array();
$cookie['name'] = 'CRM';
$cookie['value'] = 'xx';
$cookie['timeout_minutes'] = "10";
$cookie['path'] = '/';
$cookie['domain'] = ".davidibaldwin.org";

$cookie['secure'] = FALSE;
//if ($env['force_ssl']){ $cookie['secure'] = TRUE;  }

$cookie['httponly'] = FALSE;
       
$lifetime = time() + (60 * $cookie['timeout_minutes']); //in seconds
setcookie($cookie['name'], $cookie['value'], $lifetime, $cookie['path'],$cookie['domain'], $cookie['secure'],$cookie['httponly']);

setcookie("TestCookie", 'check', time()+3600, "/", ".davidibaldwin.org");

//print_variable($cookie, 'cookie');
echo "<pre>\r\n";
print_r($cookie);

$cukarr = array();
foreach($_COOKIE as $key => $value) {
		$cukarr[] = $key;
    echo "<b>$key :</b> $value<br />\r\n";
}
echo "</pre>";

die();

Open in new window

1
 
Dave BaldwinFixer of ProblemsCommented:
Cookie expiration is done by setting the time to 0 or negative.  Note that expiration is actually done by the browser after it receives the cookie from the server.

http://php.net/manual/en/function.setcookie.php

Session time-outs are determined on a shared server by the lowest timeout value which is by default 1440 seconds.  It is not generally recommend that you try to change the session timeout values because they are shared by everyone on the server.

http://php.net/manual/en/function.session-set-cookie-params.php
0
 
Dave BaldwinFixer of ProblemsCommented:
Note that when you expire a cookie, you need to use Exactly the same parameters that were used to set it except for the 'value' and 'time-out'.  Everything else must be Exactly the same or it will not match what the browser data is for that cookie.
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
Julian HansenConnect With a Mentor Commented:
Is the question about how to mark a cookie as expired or how to set the time at which the cookie will expire?

If you echo $lifetime out what do you get?

Also you have secure set to TRUE (Second last parameter) which means that cookie will only be sent over an HTTPS link - are you accessing your site with HTTPS or HTTP  - if the latter - not going to work.
0
 
APD TorontoAuthor Commented:
I changed my code slightly to

<?php

//This is the model file for the current module.

    $cookie = array();
    $cookie['name'] = 'CRM';
    $cookie['value'] = '';
    $cookie['timeout_minutes'] = $env['timeout_minutes'];
    $cookie['path'] = '/';
    $cookie['domain'] = $env['domain'];

    $cookie['secure'] = FALSE;
    if ($env['force_ssl']){ $cookie['secure'] = TRUE;  }

    $cookie['httponly'] = TRUE;

class Login{
    
    public static function verify_login(){
        
        global $cookie;
    
//        self::logout(); //destroy previous sessions.
        
        $lifetime = time() + (60 * $cookie['timeout_minutes']); //in seconds
        setcookie($cookie['name'], $cookie['value'], $lifetime, $cookie['path'], 
                  $cookie['domain'], $cookie['secure'], $cookie['httponly']);

        print_variable($cookie, 'cookie');
        die();

Open in new window


The output for line 29 is
=========START=========
cookie
Array
(
    [name] => CRM
    [value] => 
    [timeout_minutes] => 60
    [path] => /
    [domain] => 192.168.2.200
    [secure] => 
    [httponly] => 1
)

=========END=========

Open in new window


However, Chrome is showing

Cookie-Chrome.JPG
As you can see it is not accepting the cookie name and expiry.
0
 
Julian HansenCommented:
Why are we looking at a screen shot of the PHP Session ID cookie?
0
 
APD TorontoAuthor Commented:
Why are we looking at a screen shot of the PHP Session ID cookie?

...Because, that is the only cookie under 192.168.2.200
0
 
APD TorontoAuthor Commented:
With setting the value, I now see my CRM cookie as well, but why PHPSESSID is still being created?
0
 
Dave BaldwinFixer of ProblemsCommented:
PHPSESSID is created with session_start() on some page and only gets deleted when you close your browser completely meaning all open windows and the program itself.
0
 
APD TorontoAuthor Commented:
Thank you!
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.