cookie questions

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Greetings to PHP people!

I'm acquainted with PHP about five days (more precisely,  
with the web programming in general). However i have some  
other experiences in programming.

The first thing i need to do is a reliable authentication
with sessions and cookies. I've create a scratch web-site
for testing this ( /) and have two
questions related to cookies. I use the latest PHP 4 & 5  
with IIS5 (CGI mode) under Windows 2000. Php.ini settings
are setup defaults (when using php-x.x.x-installer.exe).

1. When i do setcookie ($vname, $vvalue, time() + 600, "/");  
it's saved well, but the cookie does not expire after ten  
minutes as it supposed to be (testing with IE6). What's wrong?

2. When i do setcookie (..); and after that (below in the  
end of the same script) send a header("Location: $goto");
the cookie is not saved. I've create a workaround. But...
Is it normal behaviour? I can't find clear information on  
this in the PHP Manual. Can someone clarify this?


Re: cookie questions

Eman wrote:
Quoted text here. Click to load it
You're using Internet Explorer.  This would be a client side problem.  You
should check how the cookie appears in IE and when it will expire in one of
the control panels.

Quoted text here. Click to load it
This is a known bug in PHP on Windows servers.  The cause is Microsoft and
the solution is Linux.

Most of your problems are (probably) caused by Microsoft.  :-)

Carl Vondrick
To contact me, please use my website.

Re: cookie questions

Carl, thanks for reply.

Quoted text here. Click to load it

Yes, i've check it. It seems IE6 somewhat elongates cookie lifetime,
maybe due to caching or time alignment, but not in fatal (need more
tests to be certain). But, actually, the main reason for my wonder
was a stupid bug in my php code.

Anyway, that mistake was useful. It makes it clear for me that it
would be better to do not rely on client in this sensitive point.
I'll force cookie expiration policy on the server-side by saving
(protected) time stamp in the cookie.

And what can you say about p3p? I've found some assertions that
a web site needs a P3P policy for cookies to work properly in IE6
(e.g. )

Quoted text here. Click to load it

Thanks a lot for this info.

Quoted text here. Click to load it

Well, all the things in this world have benefits and disadvantages..
Peace, no holy war \o/ ;) I'm in great respect for Linux :-)
Moreover, in the final shape it will be hosted on Linux, of course.

Site Timeline