rfc:cookie_max-age
Differences
This shows you the differences between two versions of the page.
rfc:cookie_max-age [2012/12/28 02:16] – created narf | rfc:cookie_max-age [2013/09/16 16:58] – Updated my email narf | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Request for Comments: Cookie Max-Age attribute ====== | ====== Request for Comments: Cookie Max-Age attribute ====== | ||
- | * Version: 1.0 | + | * Version: 1.1 |
* Date: 2012-12-28 | * Date: 2012-12-28 | ||
- | * Author: Andrey Andreev <narf@bofh.bg> | + | * Author: Andrey Andreev <narf@devilix.net> |
- | * Status: | + | * Status: |
* First Published at: http:// | * First Published at: http:// | ||
Line 11: | Line 11: | ||
===== Introduction ===== | ===== Introduction ===== | ||
- | As already described by the title, this RFC proposes that // | + | As already described by the title, this RFC proposes that **setcookie()**, |
==== Why is it needed? ==== | ==== Why is it needed? ==== | ||
Line 20: | Line 20: | ||
- User agents always have correct time settings. | - User agents always have correct time settings. | ||
- | Since user agents will calculate the difference based on their own timestamp and the one that they receive, if any of the above two conditions isn't met, then we'll have a problem - the cookie will expire | + | Since user agents will calculate the difference based on their own timestamp and the one that they receive, if any of the above two conditions isn't met, then we'll have a problem - the cookie will expire |
Always sending a UTC-based timestamp should give us enough confidence to consider the first condition to always be satisfied. The second one however is never guaranteed and even though we can always blame the problem on a client-side configuration issue - why not just solve the problem once and for all, since a solution is available? | Always sending a UTC-based timestamp should give us enough confidence to consider the first condition to always be satisfied. The second one however is never guaranteed and even though we can always blame the problem on a client-side configuration issue - why not just solve the problem once and for all, since a solution is available? | ||
Line 38: | Line 38: | ||
The above list makes it pretty clear that the behavior of any user agent that can't take advantage of //Max-Age// won't be affected. With that said, I believe that it is both safe and proper to send both //Expires// and //Max-Age// at the same time, as this will provide a proper fallback for any " | The above list makes it pretty clear that the behavior of any user agent that can't take advantage of //Max-Age// won't be affected. With that said, I believe that it is both safe and proper to send both //Expires// and //Max-Age// at the same time, as this will provide a proper fallback for any " | ||
+ | |||
+ | ==== Logical behavior ==== | ||
+ | |||
+ | Since **setcookie()** and **setrawcookie()** accept a Unix timestamp - the TS delta will have to be calculated based on the provided timestamp, like this: | ||
+ | |||
+ | ''< | ||
+ | |||
+ | **ext/ | ||
+ | |||
+ | ==== Possible BC effects ==== | ||
No downside is expected, except the few more bytes being sent in HTTP headers. | No downside is expected, except the few more bytes being sent in HTTP headers. | ||
+ | |||
+ | ===== Examples ===== | ||
+ | |||
+ | Assuming our current time is: Fri, 28-Dec-2012 03:00:00 GMT | ||
+ | |||
+ | < | ||
+ | setcookie(' | ||
+ | |||
+ | // Old header: | ||
+ | // Set-Cookie: name=value; expires=Fri, | ||
+ | |||
+ | // New Header: | ||
+ | // Set-Cookie: name=value; Expires=Fri, | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | setrawcookie(' | ||
+ | |||
+ | // Old header: | ||
+ | // Set-Cookie: name=value; expires=Fri, | ||
+ | |||
+ | // New Header: | ||
+ | // Set-Cookie: name=value; Expires=Fri, | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | session_name(' | ||
+ | session_set_cookie_params(3600, | ||
+ | session_start(); | ||
+ | |||
+ | // Old header: | ||
+ | // Set-Cookie: PHPSESSID=< | ||
+ | |||
+ | // New header: | ||
+ | // Set-Cookie: PHPSESSID=< | ||
+ | </ | ||
===== Related links ===== | ===== Related links ===== | ||
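Review bot: In the added Examples, the "New Header" lines spell the attribute "Expires=" where the "Old header" lines have "expires=", so the change alters the casing of the existing attribute as well as appending Max-Age, while "Possible BC effects" still lists only the extra bytes. User agents match cookie attribute names case-insensitively, but tests, log parsers or filtering rules that compare the Set-Cookie header as a literal string would see a difference; either keep the old casing in the new header or name the casing change under BC effects. The "Logical behavior" paragraph could also state, next to the delta formula, what is sent when the supplied timestamp is 0 (session cookie) or already in the past, if that is not already covered there.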
Line 52: | Line 98: | ||
===== Changelog ===== | ===== Changelog ===== | ||
+ | * 2012-12-28: Updated with suggestions from the thread on PHP-Internals. | ||
* 2012-12-28: Initial version. | * 2012-12-28: Initial version. |
rfc/cookie_max-age.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1