ZF-5690: Cookies with an expiration date after Tue, 19 Jan 2038 03:14:07 UTC have expiry time set as "0" which results in the cookie being considered expired in isExpired()


I've been working with a cookie that has "expires=Sat, 29-Jan-2039 00:54:42 GMT" and it is never automatically added to the cookieJar. Upon some investigating I discovered that it is because isExpired() returns true for that cookie because when the is set fromString() the line $expires = strtotime($v); sets $expires to 0 (false). Upon investigating the manual for strtotime() I noticed that my cookie expiration date is outside the "maximum values for a 32-bit signed integer." If I alter the expiration date of the cookie to be before the maximum value (Tue, 19 Jan 2038 03:14:07 UTC) the cookie expiration is properly set and properly passes isExpired().

Not sure how important it is to this but I am using PHP 5.2.8 on Mac OS X 10.5.6 with Zend Framework 1.7.4.

UPDATE: I'm not sure if this is considered OK as a fix/workaround but changing the strtotime() around line 307 to this seems to work: $expireDate = new Zend_Date($v); $expires = $expireDate->get(Zend_Date::TIMESTAMP);


Fixed in rev. 14376. This fix adds a dependency on Zend_Date

I've been using the fixed file in production and it works well.

3 notes: *) The dependency should not be hardcoded... when no expires is given you still load Zend_Date *) You use Zend_Date also when the time does not extend the unix timestamp *) You use get instead of getTimestamp which results in slower execution

Thanks Thomas for the comments and J Cobb for the patch - I've mostly applied your patch except for making sure that (strtotime($v) === false) instead of just (! strtotime($v)) which does not necessarily indicate an error (might also be that the cookie is exactly set to expire on UNIX epoch).