max-age attribute not working, How do you make a cookie expire? Options

[jmrathbun]

I'm trying to set a cookie that will expire in 24 hours. I've tried

CODE

Set-Cookie: score=10; path=/; expires=time()+86400

and I've tried

CODE

Set-Cookie: score=10; path=/; max-age=86400

both on Unix and on Windows servers, but in every case I get a session cookie only.

What's wrong?

[Darin McGrew]

The expires=... value should be a date/time value, for example:
expires=Thu, 30-Jun-2012 20:23:38 GMT

Something needs to process the "time()+86400" value and convert that into a date/time value in the above format. That isn't happening.

[jmrathbun]

The expires=... value should be a date/time value, for example:
expires=Thu, 30-Jun-2012 20:23:38 GMT

Something needs to process the "time()+86400" value and convert that into a date/time value in the above format. That isn't happening.

According to http://tools.ietf.org/html/rfc6265#section-4.1

4.1.2.2. The Max-Age Attribute


The Max-Age attribute indicates the maximum lifetime of the cookie,
represented as the number of seconds until the cookie expires. The
user agent is not required to retain the cookie for the specified
duration. In fact, user agents often evict cookies due to memory
pressure or privacy concerns.

NOTE: Some existing user agents do not support the Max-Age
attribute. User agents that do not support the Max-Age attribute
ignore the attribute.

If a cookie has both the Max-Age and the Expires attribute, the Max-
Age attribute has precedence and controls the expiration date of the
cookie. If a cookie has neither the Max-Age nor the Expires
attribute, the user agent will retain the cookie until "the current
session is over" (as defined by the user agent).

So maybe my Firefox is one of those browsers that ignores the max-age attribute. As far as the expires= tag, I gather that's deprecated and I have seen multiple conflicting ideas on how to use it. I decided to rewrite my script using CGI to manage the whole cookie business, and what I got was similar to what you recommend. Now I just have to figure out how to get it to write multiple cookies or else a single cookie containing a hash (which I then have to parse in my script that reads and uses the cookie.) Ugh!

[jmrathbun]

OK, I think I got it! Here's a working script:

CODE

#!/usr/local/bin/perl
use warnings;
use strict;
use CGI;
my $cgi=new CGI;
use diagnostics;

my $c_topic = $cgi->cookie(-name=>'topic',-value=>'Consciousness',-expires=>'+1d',-path=>'/');
my $c_score = $cgi->cookie(-name=>'score',-value=>'10',-expires=>'+1d',-path=>'/');
my $c_smarts = $cgi->cookie(-name=>'smarts',-value=>'20',-expires=>'+1d',-path=>'/');
my $c_playlevel = $cgi->cookie(-name=>'playlevel',-value=>'30',-expires=>'+1d',-path=>'/');

print "Set-Cookie: $c_topic\n";
print "Set-Cookie: $c_score\n";
print "Set-Cookie: $c_smarts\n";
print "Set-Cookie: $c_playlevel\n";
print $cgi->header;
print $cgi->start_html('Set Cookie');
print $cgi->h1('The cookie has been set!');
print $cgi->end_html;

And the output is:

CODE

Set-Cookie: topic=Consciousness; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Set-Cookie: score=10; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Set-Cookie: smarts=20; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Set-Cookie: playlevel=30; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Content-Type: text/html; charset=ISO-8859-1



<!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Set Cookie</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>The cookie has been set!</h1>
</body>
</html>

Thanks to all who tried to help. I only do this because it's so much fun!