Cookie timeout and timezones

I just figured out a rather puzzling problem I had with a cookie
apparently being ignored. I had it set to timeout in 3 minutes and it
worked fine tested on localhost, but sometimes failed when different
machines connected. The problem was that some of my test machines had
system clocks that weren't quite correct, and the cookie was effectively
timing out as soon as the browser received it. There's a lesson learned. :o}

So I switched from 3 minutes to an hour, then started pondering how much
a skewed system clock I should worry about. This is a security related
issue for my site so I didn't want to use a session cookie. That then
got me thinking about timezones...

Suppose my server is in London - UTC, GMT+0. I set my cookie to expire
in 1 hour. Someone in New York (GMT-5) connects - do they get to keep
the cookie for 6 hours? What about someone in Australia (GMT+10)? Do
they lose their cookie as expired as soon as they see it?

I read up on the issue and decided to use session cookies with a
timestamp in the data so I know exactly what is going on. But I'm still
interested in the answer to the above question. Unless there's something
going on I don't understand, it seems that cookie timeouts are not much
use for periods less than 24 hours or so, simply because of timezone issues.
Aug 15 '05 #1
On Mon, 15 Aug 2005 19:49:02 +0100, Derek Fountain <no****@hursley.ibm.com>
wrote:

> Suppose my server is in London - UTC, GMT+0. I set my cookie to expire
> in 1 hour. Someone in New York (GMT-5) connects - do they get to keep
> the cookie for 6 hours? What about someone in Australia (GMT+10)? Do
> they lose their cookie as expired as soon as they see it?


The cookie spec states that the expiry time shall be in GMT:

http://wp.netscape.com/newsref/std/cookie_spec.html

If the user has their timezone set wrong then things go wrong, but otherwise
you're only working against their clock drift (which is hopefully in the
region of a few minutes at worst) rather than timezone offsets.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Aug 15 '05 #2
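
An added example, not code from either post: it reproduces the failure described in the question (a 3-minute `Expires` in GMT judged by a browser whose clock runs fast) and then the approach the poster settled on, a session cookie whose value carries a server timestamp that only the server's clock evaluates. The token layout, the HMAC signature, the `SECRET` key and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
from email.utils import formatdate, parsedate_to_datetime

SECRET = b"constructed-demo-key"  # assumption: per-site key, kept server-side
MAX_AGE = 180                     # the 3-minute lifetime from the post


def expires_header(now, lifetime=MAX_AGE):
    """Expires value as the cookie spec wants it: an absolute time in GMT."""
    return formatdate(now + lifetime, usegmt=True)


def browser_keeps_cookie(expires, client_utc_now):
    """What a browser does: compare Expires with its own idea of UTC."""
    return parsedate_to_datetime(expires).timestamp() > client_utc_now


def issue_token(user, now):
    """Session-cookie value: user, server issue time, HMAC over both."""
    payload = f"{user}|{int(now)}"
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


def check_token(token, now, max_age=MAX_AGE):
    """Return the user if the signature is valid and the token is fresh."""
    try:
        user, issued, sig = token.rsplit("|", 2)
        issued = int(issued)
    except ValueError:
        return None
    good = hmac.new(SECRET, f"{user}|{issued}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, good):
        return None  # value was altered on the client
    # Only the server clock is consulted, so client skew is irrelevant.
    return user if 0 <= now - issued <= max_age else None


if __name__ == "__main__":
    t0 = 1124131742  # constructed server time: 2005-08-15 18:49:02 UTC
    exp = expires_header(t0)
    # Correct client clock keeps the cookie; a clock 5 minutes fast drops it.
    print(exp, browser_keeps_cookie(exp, t0), browser_keeps_cookie(exp, t0 + 300))
    tok = issue_token("derek", t0)
    print(check_token(tok, t0 + 60), check_token(tok, t0 + 600))
```

Because the timestamp travels in the cookie value, it has to be signed (or stored server-side in the session instead); an unsigned timestamp could simply be rewritten by the client.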
