How do you get a cookies params? The "expire, secure, httponly" etc.
Is it possible?
views:
49answers:
3
+1
A:
No (definitely not with PHP and I don't think you can do it with Javascript either). But you can save that information in the cookie data.
Sometimes you want to have a cookie valid for some time and also enforce that validity in the server. For instance, the client uses a cookie to authentication itself and that cookie has a certain validity (e.g. the user should be logged in for x days). In that case, you should also store that time in the database and check it when the cookie authentication token is given. If there is no tampering, the cookie should expire at the time you have recorded in the database (or before), otherwise, the credentials are rejected anyway.
Artefacto
2010-07-04 08:18:08
+2
A:
There isn't a way to get when a cookie is set to expire or any of the other parameters you are asking for using PHP. This is because PHP doesn't store anything like that, when you are setting a cookie, you are basically saying to output a header to the browser only once, then it's the job of the client (a browser) to send back the cookie data on each HTTP request. PHP therefore has no reason to retain the data, so it doesn't.
You can of course store when the cookie will expire in another cookie or a file somewhere, if you know where in your code the cookies are being set.
Sam152
2010-07-04 08:18:26
Storing it isn't a guarantee. The user is free to modify it himself.
Daniel Egeberg
2010-07-04 09:24:08
If the user/client isn't behaving, the app shouldn't have to either.
Sam152
2010-07-05 08:31:29
+1
A:
Neither can you do it client-side. Javascripts document.cookie doesn't make the expiry time available. A common idiom is therefore to set companion cookies, which contain the last time cookies have been refreshed. Or you might also want to set a cookie to compound values, e.g. setcookie("name", "value..|time()") and later access it using strtok($_COOKIE["name"], "|").
mario
2010-07-04 08:26:19