Cookie timeout and timezones
Derek Fountain
Posted on August 15, 2005, 6:49 pm
apparently being ignored. I had it set to timeout in 3 minutes and it
worked fine tested on localhost, but sometimes failed when different
machines connected. The problem was that some of my test machines had
system clocks that weren't quite correct, and the cookie was effectively
timing out as soon as the browser received it. There's a lesson learned. :o}
So I switched from 3 minutes to an hour, then started pondering how much
of a skewed system clock I should worry about. This is a security-related
issue for my site so I didn't want to use a session cookie. That then
got me thinking about timezones...
Suppose my server is in London - UTC, GMT+0. I set my cookie to expire
in 1 hour. Someone in New York (GMT-5) connects - do they get to keep
the cookie for 6 hours? What about someone in Australia (GMT+10)? Do
they lose their cookie as expired as soon as they see it?
I read up on the issue and decided to use session cookies with a
timestamp in the data so I know exactly what is going on. But I'm still
interested in the answer to the above question. Unless there's something
going on I don't understand, it seems that cookie timeouts are not much
use for periods less than 24 hours or so, simply because of timezone issues.
Re: Cookie timeout and timezones
The cookie spec states that the expiry time shall be in GMT:
If the user has their timezone set wrong then things go wrong, but otherwise
you're only working against their clock drift (which is hopefully in the
region of a few minutes at worst) rather than timezone offsets.
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
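The two points in this thread, as an added example that is not part of either post: a GMT `Expires` value depends only on the client's clock error, not its timezone, and a session cookie carrying a server-stamped time lets the server enforce the timeout itself. The function names, the `user|issued_at|mac` layout, `SECRET_KEY` and the HMAC (added here so the client cannot alter the timestamp) are assumptions of this sketch.

```python
import hashlib
import hmac
import time
from email.utils import formatdate

SECRET_KEY = b"constructed-demo-key"  # assumption: secret held only by the server
MAX_AGE = 3600                        # one hour, as in the thread


def expires_header(issued_at, max_age=MAX_AGE):
    """Expires attribute value: an absolute instant written in GMT."""
    return formatdate(issued_at + max_age, usegmt=True)


def browser_keeps_cookie(issued_at, client_skew, max_age=MAX_AGE):
    """Model of the browser's check. Both sides compare UTC instants, so the
    client's timezone never enters; only its clock error does
    (client_skew in seconds, positive = client clock runs fast)."""
    client_now = issued_at + client_skew
    return client_now < issued_at + max_age


def issue_value(user, now=None):
    """Session-cookie value 'user|issued_at|mac', stamped by the server clock."""
    issued_at = int(time.time() if now is None else now)
    payload = f"{user}|{issued_at}"
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_value(value, now=None, max_age=MAX_AGE):
    """Return the user if the MAC is valid and the server-side age is within
    max_age, otherwise None. The client's clock is never consulted."""
    now = time.time() if now is None else now
    try:
        user, issued_at, mac = value.rsplit("|", 2)
        expected = hmac.new(SECRET_KEY, f"{user}|{issued_at}".encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison; reject before trusting the timestamp.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return None
        age = now - int(issued_at)
    except ValueError:
        return None
    return user if 0 <= age <= max_age else None
```

With a 3-minute lifetime, a client clock running 4 minutes fast drops the `Expires`-based cookie on arrival, while the server-side check is unaffected by any client clock.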