Edit report at https://bugs.php.net/bug.php?id=43439&edit=1

 ID:                 43439
 Comment by:         narf at bofh dot bg
 Reported by:        bnies at bluewin dot ch
 Summary:            PHP Cookie expiration (2)
 Status:             Assigned
 Type:               Feature/Change Request
 Package:            Session related
 Operating System:   Solaris 9
 PHP Version:        5.2.5
 Assigned To:        yohgaki
 Block user comment: N
 Private report:     N

 New Comment:

This has been fixed via the following pull request:

https://github.com/php/php-src/pull/238


Previous Comments:
------------------------------------------------------------------------
[2012-03-31 03:28:55] yohg...@php.net

Sounds reasonable

------------------------------------------------------------------------
[2007-11-28 10:57:08] bnies at bluewin dot ch

Description:
------------
Concerning Bug #43226 because it was set to 'bogus' and additional comments are 
not allowed.

First: I did not ask for support.

The issue I submitted is concerning the HTTP headers that the PHP function 
session_unregister() sends to the browser.

My suggestion was to send Cookie Expires and Cookie Max-Age together when 
unregistering a PHP session to make sure that even with broken proxy or browser 
implementations the session gets terminated.

This problem came across a broken proxy implementation that only treated the 
Max-Age option and ignored the Expires option and then sent the session cookie 
with the value 'deleted' back to the PHP application which then treated it as a 
valid session.

See:

https://sourceforge.net/tracker/index.php?func=detail&aid=1829098&group_id=311&atid=100311

I don't mess with the computer's time but some internet users might do this and 
change the date to use expired software licenses. I don't know if the PHP 
application or PHP itself sets the cookie expires date to one year in the past. 
Maybe setting it to 1 January 1980 00:00 GMT is the safest way.

Bye,
Bernd



------------------------------------------------------------------------
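
The request in the original report, as an added example (not part of the bug report and not php-src code): a logout that sends Expires and Max-Age together, plus a server-side lookup that rejects a replayed 'deleted' value. The function names, the in-memory session store and the sample session ID are assumptions constructed for illustration.

```php
<?php
// Added illustration; helper names and sample data are hypothetical.

// Build a deletion header carrying BOTH Expires and Max-Age, so a client or
// proxy that honours only one of the two attributes still drops the cookie.
function build_delete_cookie_header(string $name, string $path = '/'): string
{
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $name)) {
        throw new InvalidArgumentException('unexpected cookie name');
    }
    // Fixed far-past date (1 Jan 1980 00:00:00 GMT, as the report suggests),
    // so a client clock that was set back still sees the cookie as expired.
    $expires = gmdate('D, d M Y H:i:s', 315532800) . ' GMT';
    return "Set-Cookie: {$name}=deleted; Expires={$expires}; Max-Age=0; Path={$path}";
}

// The cookie value is only a lookup key into server-side state. Anything that
// is not a well-formed ID with a live record (the literal 'deleted' included)
// resolves to no session at all.
function resolve_session(array $liveSessions, ?string $cookieValue): ?array
{
    if ($cookieValue === null
        || !preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $cookieValue)) {
        return null;
    }
    return $liveSessions[$cookieValue] ?? null;
}

// Logout: destroy the server-side record first, then instruct the client.
function logout(array &$liveSessions, string $sid, string $cookieName): string
{
    unset($liveSessions[$sid]);
    return build_delete_cookie_header($cookieName);
}

// Constructed sample store and session ID.
$sid = 'q3v9k2m1x8c7b6n5a4s3d2f1g0';
$sessions = [$sid => ['user' => 'alice']];

echo logout($sessions, $sid, 'PHPSESSID'), "\n";
// A proxy that ignored the deletion might replay either value:
var_dump(resolve_session($sessions, 'deleted'));
var_dump(resolve_session($sessions, $sid));
```

The server-side lookup is what stops the replay described in the report; the header only helps well-behaved clients and proxies forget the cookie.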


