This doesn't "set" a cookie to expire - why?

[Dr John Stockton]

JRS: In article <[email protected]>
, dated Wed, 8 Feb 2006 22:18:52 remote, seen in

in most C-derivative languages (TCL, PHP, etc.) to delete a
cookie you set it to yesterday's date ("today" - 86400),

Why do you way that?

Firstly, today-86400 is not necessarily yesterday (and here it would be
864e5).

Secondly, any past date should suffice, so why not give it a fixed
literal string? After all, all past dates remain such (unlike future
dates).

 

[Phil Powell]

See below

JRS: In article <[email protected]>
, dated Wed, 8 Feb 2006 22:18:52 remote, seen in


Why do you way that?

Firstly, today-86400 is not necessarily yesterday (and here it would be
864e5).

Secondly, any past date should suffice, so why not give it a fixed
literal string? After all, all past dates remain such (unlike future
dates).

There are those of us that think writing something like

<? setcookie($cookieName, '', time() - 86400); ?>

Is easier to write than a longer literal timestamp. Either case it has
always worked that way, again, some languages handling their date
handling differently than others to know what truly is past (86400 or
86400 * -2 or 86400 * -10)

Phil

 

[Dr John Stockton]

JRS: In article <[email protected]>,
dated Fri, 10 Feb 2006 14:43:23 remote, seen in

Dr John Stockton wrote:

There are those of us that think writing something like

<? setcookie($cookieName, '', time() - 86400); ?>

Is easier to write than a longer literal timestamp. Either case it has
always worked that way, again, some languages handling their date
handling differently than others to know what truly is past (86400 or
86400 * -2 or 86400 * -10)

That's a reason for writing the date as a literal in "cookie English"
rather than assuming that the programming language will write a date in
cookie format when given an expression like that as a parameter to a
cookie-setting routine.

AIUI, the specified format for cookies is not what any standard
javascript method will give; so, since a standard javascript method
works, the cookie-reading must be liberal.

The specified cookie format is "DD-Mon-YY HH:MM:SS GMT"
and ISTM that it would be interesting to know whether, for all browsers,
"01-Jan-01" or "1970/01/01" or similar would always now cause expiry.
Or "1970", or even "0".

Anyway, for javascript,
"expires=Thu, 01-Jan-1970 00:00:00 GMT"
is insignificantly longer than
"expires="+new Date(0).toUTCString()
and is definitely shorter than what is commonly used.
Don't quote sigs.

 

[VK]

What is commonly called "session cookie" is a cookie without expiration
date. Its lifetime is defined by the end of the current client session.
End of client session doesn't necessary lead to the end of the current
server session. You can close all browser window, then launch one, go
to say Yahoo and you are still registered.

Maybe it could be possible to express all this much easier and in
lesser terms.

Just came back to me: it is properly called "browser session", not
"client session".

So session cookie are set for the browser session. Browser session
starts when you lounch first instance of your browser and continues
until you close the last instance of your browser.