ZF-5690: Cookies with an expiration date after Tue, 19 Jan 2038 03:14:07 UTC have expiry time set as "0" which results in the cookie being considered expired in isExpired()

Issue Type: Bug Created: 2009-02-04T17:24:59.000+0000 Last Updated: 2009-03-29T07:19:15.000+0000 Status: Resolved Fix version(s): Reporter: J Cobb (crazyj) Assignee: Shahar Evron (shahar) Tags: - Zend_Http_Cookie

Related issues: Attachments:


I've been working with a cookie that has "expires=Sat, 29-Jan-2039 00:54:42 GMT" and it is never automatically added to the cookieJar. Upon some investigating I discovered that it is because isExpired() returns true for that cookie because when the is set fromString() the line $expires = strtotime($v); sets $expires to 0 (false). Upon investigating the manual for strtotime() I noticed that my cookie expiration date is outside the "maximum values for a 32-bit signed integer." If I alter the expiration date of the cookie to be before the maximum value (Tue, 19 Jan 2038 03:14:07 UTC) the cookie expiration is properly set and properly passes isExpired().

Not sure how important it is to this but I am using PHP 5.2.8 on Mac OS X 10.5.6 with Zend Framework 1.7.4.

UPDATE: I'm not sure if this is considered OK as a fix/workaround but changing the strtotime() around line 307 to this seems to work: $expireDate = new Zend_Date($v); $expires = $expireDate->get(Zend_Date::TIMESTAMP);


Posted by Shahar Evron (shahar) on 2009-03-19T02:51:29.000+0000

Fixed in rev. 14376. This fix adds a dependency on Zend_Date

Posted by J Cobb (crazyj) on 2009-03-27T13:13:35.000+0000

I've been using the fixed file in production and it works well.

Posted by Thomas Weidner (thomas) on 2009-03-27T14:25:26.000+0000

3 notes: *) The dependency should not be hardcoded... when no expires is given you still load Zend_Date *) You use Zend_Date also when the time does not extend the unix timestamp *) You use get instead of getTimestamp which results in slower execution

Posted by Shahar Evron (shahar) on 2009-03-29T07:19:02.000+0000

Thanks Thomas for the comments and J Cobb for the patch - I've mostly applied your patch except for making sure that (strtotime($v) === false) instead of just (! strtotime($v)) which does not necessarily indicate an error (might also be that the cookie is exactly set to expire on UNIX epoch).

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.