Printable Version of Topic

Click here to view this topic in its original format

HTMLHelp Forums _ Web Server Configuration _ max-age attribute not working

Posted by: jmrathbun Jun 29 2011, 09:02 PM

I'm trying to set a cookie that will expire in 24 hours. I've tried

CODE
Set-Cookie: score=10; path=/; expires=time()+86400

and I've tried
CODE
Set-Cookie: score=10; path=/; max-age=86400

both on Unix and on Windows servers, but in every case I get a session cookie only.

What's wrong?

Posted by: Christian J Jun 30 2011, 05:30 AM

That looks like a HTTP response, so I move the thread to the Web server configuration forum.

Posted by: jmrathbun Jun 30 2011, 06:35 AM

QUOTE(Christian J @ Jun 30 2011, 06:30 AM) *

That looks like a HTTP response, so I move the thread to the Web server configuration forum.


Huh?

Posted by: Christian J Jun 30 2011, 10:05 AM

QUOTE(jmrathbun @ Jun 30 2011, 01:35 PM) *

QUOTE(Christian J @ Jun 30 2011, 06:30 AM) *

That looks like a HTTP response, so I move the thread to the Web server configuration forum.


Huh?

Sorry if I got that wrong. So what are you using to set the cookie --server-side scripting (if so which language?), htaccess directive?

Posted by: jmrathbun Jun 30 2011, 11:59 AM

Sorry to be so unclear. According to various online sources, this code goes at the top of the html document and it executes as expected (leaving a cookie) except the cookie expires at the end of the browser session instead of 24 hours later as the code indicates it should. Here's the whole script:

CODE
#!/usr/local/bin/perl
use warnings;
use strict;
use CGI;
my $cgi=new CGI;
use diagnostics;

print "Set-Cookie: topic=Consciousness; path=/; expires=time()+86400\n";
print "Set-Cookie: score=10; path=/; max-age=86400\n";
print "Set-Cookie: smarts=20; path=/; expires=time()+86400\n";
print "Set-Cookie: playlevel=30; path=/; max-age=86400\n";
print $cgi->header;
print $cgi->start_html('Set Cookie');
print $cgi->h1('The cookie has been set!');
print $cgi->end_html;

Posted by: Darin McGrew Jun 30 2011, 12:12 PM

QUOTE
this code goes at the top of the html document
No, that is incorrect. That code might go at the top of a Perl CGI program that generates an HTML document, but it does not go at the top of a plain HTML document.

Posted by: jmrathbun Jun 30 2011, 12:35 PM

Try testing my code, if you will. I've done it from this Perl script and with conventional HTML, and it always generates cookies. My question is, why are they session cookies rather than carrying the expiration date as the code requires? If you think it's the positioning that's at fault, how would you reposition this in the HTML? Please test your code before posting. Here's the output of the script:

CODE
Set-Cookie: topic=Consciousness; path=/; expires=time()+86400
Set-Cookie: score=10; path=/; max-age=86400
Set-Cookie: smarts=20; path=/; expires=time()+86400
Set-Cookie: playlevel=30; path=/; max-age=86400
Content-Type: text/html; charset=ISO-8859-1



<!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Set Cookie</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>The cookie has been set!</h1>
</body>
</html>

Posted by: Darin McGrew Jun 30 2011, 02:24 PM

The expires=... value should be a date/time value, for example:
expires=Thu, 30-Jun-2012 20:23:38 GMT

Something needs to process the "time()+86400" value and convert that into a date/time value in the above format. That isn't happening.

Posted by: jmrathbun Jun 30 2011, 04:01 PM

QUOTE(Darin McGrew @ Jun 30 2011, 03:24 PM) *

The expires=... value should be a date/time value, for example:
expires=Thu, 30-Jun-2012 20:23:38 GMT

Something needs to process the "time()+86400" value and convert that into a date/time value in the above format. That isn't happening.


According to http://tools.ietf.org/html/rfc6265#section-4.1

QUOTE

4.1.2.2. The Max-Age Attribute


The Max-Age attribute indicates the maximum lifetime of the cookie,
represented as the number of seconds until the cookie expires. The
user agent is not required to retain the cookie for the specified
duration. In fact, user agents often evict cookies due to memory
pressure or privacy concerns.

NOTE: Some existing user agents do not support the Max-Age
attribute. User agents that do not support the Max-Age attribute
ignore the attribute.

If a cookie has both the Max-Age and the Expires attribute, the Max-
Age attribute has precedence and controls the expiration date of the
cookie. If a cookie has neither the Max-Age nor the Expires
attribute, the user agent will retain the cookie until "the current
session is over" (as defined by the user agent).


So maybe my Firefox is one of those browsers that ignores the max-age attribute. As far as the expires= tag, I gather that's deprecated and I have seen multiple conflicting ideas on how to use it. I decided to rewrite my script using CGI to manage the whole cookie business, and what I got was similar to what you recommend. Now I just have to figure out how to get it to write multiple cookies or else a single cookie containing a hash (which I then have to parse in my script that reads and uses the cookie.) Ugh!

Posted by: jmrathbun Jun 30 2011, 04:23 PM

OK, I think I got it! Here's a working script:

CODE
#!/usr/local/bin/perl
use warnings;
use strict;
use CGI;
my $cgi=new CGI;
use diagnostics;

my $c_topic = $cgi->cookie(-name=>'topic',-value=>'Consciousness',-expires=>'+1d',-path=>'/');
my $c_score = $cgi->cookie(-name=>'score',-value=>'10',-expires=>'+1d',-path=>'/');
my $c_smarts = $cgi->cookie(-name=>'smarts',-value=>'20',-expires=>'+1d',-path=>'/');
my $c_playlevel = $cgi->cookie(-name=>'playlevel',-value=>'30',-expires=>'+1d',-path=>'/');

print "Set-Cookie: $c_topic\n";
print "Set-Cookie: $c_score\n";
print "Set-Cookie: $c_smarts\n";
print "Set-Cookie: $c_playlevel\n";
print $cgi->header;
print $cgi->start_html('Set Cookie');
print $cgi->h1('The cookie has been set!');
print $cgi->end_html;


And the output is:
CODE
Set-Cookie: topic=Consciousness; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Set-Cookie: score=10; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Set-Cookie: smarts=20; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Set-Cookie: playlevel=30; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Content-Type: text/html; charset=ISO-8859-1



<!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Set Cookie</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>The cookie has been set!</h1>
</body>
</html>


Thanks to all who tried to help. I only do this because it's so much fun!


Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)