setcookie() Expiration

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I am having problems setting a cookie to expire in the future rather
than at end of session on a particular server.  I can upload the code
to another server and the cookie expiration is correct.  I checked the
server time and it is correct.

I have even tried simplifying the code to essentials and it will not
setcookie ('cookie_name', 'cookie_value', time()+(60*60*24*7));

What is even more frustrating is that code I wrote years ago which
used to work, now does not.  I have tried in multiple browsers and all
have the same problem.  This pretty much narrows it down to the

This is a leased server running CentOS and cPanel and all updates to
PHP, etc. are current within a month or two.  I have root access.

Anyone else run into this problem?


Re: setcookie() Expiration

Quoted text here. Click to load it

Which browsers?  Do any of the browsers have privacy settings that might
be conflicting with it?  Can you see anything when using a cookie manager
or similar?

Adrienne Boswell at Home
Arbpen Web Site Design Services
Please respond to the group so others can share

Re: setcookie() Expiration

El 22/12/2010 0:45, Tyrone Slothrop escribió/wrote:
Quoted text here. Click to load it

The first step is to inspect the output of setcookie(). You can see the
raw HTTP header with many tools, such as the Firebug extension for
Firefox, but most browsers have a builtin cookie manager as well.

Also, make sure you are using a valid domain name for your tests.

-- - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web:
-- Mi web de humor satinado:

Re: setcookie() Expiration

On Wed, 22 Dec 2010 09:30:46 +0100, "Álvaro G. Vicario"

Quoted text here. Click to load it

Let's assume that I pretty much know what I am doing.  I have been
coding PHP for at least 12 years, developing backends for complex web
sites.  Not to say I don't make mistakes - and I make some incredibly
silly ones at times - but I have verified the code on a different
server and I know it works.

The test methodology I created is a standalone script which creates
three cookies, passing various parameters from the simple:
setcookie(name, value, expiration)
to the more complex:
setcookie(name, value, expiration, path, domain)

I primarily use Firefox because of Firebug and developer's extension.
Developer's extension installed for IE, as well as HTTP Analyzer.

In all cases the cookies are set properly but the expiration on the
server which will host the scripts refuses to set a cookie which
expires beyond the life of the session.  On the second server and
using the same browser, the same script works properly with the cookie
expiration set a few days in the future.

It appears the next test is to set these cookies using JS to make
absolutely sure it is not the browser but, in the context of the
application I am developing, using JS is not the preferred option. The
script accepts post data from a remote server, processes the data,
sets cookies to prevent duplicate submissions, then redirects to
another form for further processing.  The cookies set are encrypted
(64 alphanumeric characters).  Upon a second submission the cookies
are decrypted, the the data is compared against existing records in
data table, and,  should there be a match, immediately redirects to
the next form.  The header function will not allow me to write
anything to output prior to redirection so JS cookies cannot be
written, at least prior to the header() call.  Anyway, I know the test
script in using even the simplest cookies behaves on another server.

This thing has me totally baffled.

Re: setcookie() Expiration

Tyrone Slothrop wrote:
Quoted text here. Click to load it

Are you sure the server is running the code you think it is?

I had intense incrustations on several occasions that turned out to be a
simple problem that either the browser had cached an old copy and
wouldn't refresh it, or the code had ended up somewhere else on the
server. Deep embarrassment, but shit happens.

Incidentally, the problem of embedded images served by php pages was
solved for development by adding a dummy argument with a random value
that fools IE into thinking its a different image. Which it may, or may
not, be.

Re: setcookie() Expiration

Tyrone Slothrop wrote:

Quoted text here. Click to load it

Are session cookies set on the first server?

    realism:    HTML 4.01 Strict
    evangelism: XHTML 1.0 Strict
    madness:    XHTML 1.1 as application/xhtml+xml
                                                    -- Bjoern Hoehrmann

Re: setcookie() Expiration

El 22/12/2010 17:02, Tyrone Slothrop escribió/wrote:
Quoted text here. Click to load it

I apologize if my suggestions have hurt your feelings. I understand that
a PHP coder with 12 years of experience does not need to see the
Set-Cookie header or the information provided by the browser's cookie
manager but I didn't know it was the case.

Come on, take a deep breath and relax. Obvious issues are sometimes the
most difficult to find. You wouldn't be the first one to have HTTP
headers mangled by a server module, firewall, antivirus or browser

-- - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web:
-- Mi web de humor satinado:

Re: setcookie() Expiration

On Wed, 22 Dec 2010 18:09:03 +0100, "Álvaro G. Vicario"

Quoted text here. Click to load it

No offense taken.  The discussions in this group are far more gentle
compared to the flames I have received in the CSS group.  ;-)

Ironically, I tried on another computer and my laptop with the same
version of FF with the same extensions (all on Win7-64) and the
cookies were set with proper expiration.  Then I had the client try it
but the cookies were not set with expiration in FF on Vista-64, but
did work in IE.

I cannot isolate the common thread which would cause the problem so
decided to go with another method of validation to work in parallel
so, should the cookies fail, there is a backup system.  I much prefer
server side solutions rather than having to rely upon the whims of
browsers anyway.  However, clients demand the features they see on
other sites so JS and AJAX are necessary tools.  The form that this
processing script leads into has close to 4000 lines of hybrid HTML,
DHTML, PHP, JS, AJAX and SOAP that took weeks to develop and debug.

They asked why I bang my head against the wall?  I replied, it feels
so good when I stop.

Site Timeline