http://qs1969.pair.com?node_id=222729

BioHazard has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks,

I am working on a cookie-managed community system but my cookies expire too inaccurately, in detail: too early.
I am using Apache 1.27x on a Win32 (NT 5.1) machine, ActiveState Perl 5.6 and the module CGI.
With the script shown below, the cookie is supposed to expire 10 minutes after being set. I have counted the time and found out that it actually expired after 8 minutes and ~50 seconds. When I do this test again with -expires => "+30s", the cookie won't be set at all.
Do you have any ideas how this problem can be solved?

#!C:\Perl\bin\perl.exe
use strict;
use CGI;

my $q = CGI->new();
my $service = $q->param('service') || '';

# Second request: show the cookie the browser sent back, then exit
&printCookieContent() if ($service eq 'showcookie');

sub printCookieContent {
    my $cookie = $ENV{HTTP_COOKIE};
    my ($name, $value) = split(m/=/, $cookie, 2);
    print $q->header('text/html');
    print "$name<br>$value";
    exit;
}

# First request: set a cookie that is supposed to expire after 10 minutes
my $cookie = $q->cookie(
    -name    => "Testname",
    -value   => "Testvalue",
    -domain  => "abroxa.dyndns.org",
    -expires => "+10m",
    -path    => "/cgi-bin"
);
print $q->header(-type => 'text/html', -cookie => $cookie);
print qq ~<a href="cookietest.cgi?service=showcookie">klick here to test the cookie</a>~;
exit;

BioHazard
reading between the lines is my real pleasure

Replies are listed 'Best First'.
Re: Cookie expires inaccurately
by Aristotle (Chancellor) on Dec 28, 2002 at 16:26 UTC
Re: (nrd) Cookie expires inaccurately
by newrisedesigns (Curate) on Dec 28, 2002 at 15:06 UTC

    Your browser throws away the cookie when the date set by the server has passed. If your server's time and your local time are off (by 1 minute, ~10 seconds) cookies will expire prematurely.

    I suggest using some other form of session-time verification, like time-in-url or record the session time on the server only. I also highly suggest against cookies altogether, considering they are unreliable in every browser.

    Hope this helps... if not, post a reply!

    John J Reiser
    newrisedesigns.com

      You are right!
      The server's time and my local time differ. But only ~40 seconds. I hope that is the problem, because now the cookie is set when I try -expires => "+30s" but is not thrown away after this time :(. I am thinking about getting away from cookies, too. Many people have told me great advantages of other session-time verification.
      There is just one point I do not understand (It's silly perhaps): A server in America with 6 hours difference for example (I am from Germany) will give me correct cookie (-times), right? Then how does the server do it?

      Thanks for your suggestions :)

      BioHazard
      reading between the lines is my real pleasure
        The expiry time in the cookie is always GMT.
        poj

        It will give you the correct time because it will use GMT.

        You can always check if cookies are set by telnetting to your server using port 80, then typing "GET /document.html" replacing "document.html" with the path of your file or CGI. (i.e. "GET /cgi-bin/index.pl" or "HEAD /cgi-bin/index.pl" to get just the headers.)

        Hope this helps.

        John J Reiser
        newrisedesigns.com

Re: Cookie expires inaccurately
by poj (Abbot) on Dec 28, 2002 at 14:47 UTC
    I tried this with 30 seconds and it timed out at 27 seconds but then I remembered you have to start timing from the first time the script runs, not the first time you press 'klick here'. When I tried a second time I had to refresh the browser first but then it was OK. Can't see why it shouldn't work unless it's a cache problem.
    poj
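
The clock-skew effect discussed in the replies above, as an added example that is not code from the thread: it computes how long a browser keeps a cookie, judged by the browser's own clock, for an absolute GMT Expires date and for a relative Max-Age (which RFC 6265 gives precedence over Expires). The timestamps, the 70-second skew and the sub names are constructed for illustration, and a browser that honours Max-Age is assumed.

```perl
use strict;
use warnings;
use POSIX qw(strftime);
use Time::Local qw(timegm);

my %MON = (Jan => 0, Feb => 1, Mar => 2, Apr => 3, May => 4,  Jun => 5,
           Jul => 6, Aug => 7, Sep => 8, Oct => 9, Nov => 10, Dec => 11);

# Parse an absolute GMT cookie date such as "Sat, 28-Dec-2002 14:10:00 GMT".
sub parse_expires {
    my ($str) = @_;
    my ($d, $mon, $y, $h, $m, $s) =
        $str =~ /(\d{1,2})[- ]([A-Za-z]{3})[- ](\d{4}) (\d\d):(\d\d):(\d\d) GMT/
        or return;
    my $mi = $MON{ ucfirst(lc $mon) };
    return unless defined $mi;
    return timegm($s, $m, $h, $d, $mi, $y);
}

# Seconds the browser keeps the cookie, measured on the browser's clock.
# Max-Age is relative to receipt, so skew cannot shorten it; Expires is an
# absolute instant, so any skew is added to or subtracted from the lifetime.
sub client_lifetime {
    my ($set_cookie, $client_now) = @_;
    return $1 if $set_cookie =~ /;\s*max-age=(-?\d+)/i;
    return unless $set_cookie =~ /;\s*expires=([^;]+)/i;   # session cookie
    my $t = parse_expires($1);
    return defined $t ? $t - $client_now : undef;
}

# Constructed scenario: server clock reads 14:00:00 GMT, browser is 70 s ahead.
my $server_now = timegm(0, 0, 14, 28, 11, 2002);
my $client_now = $server_now + 70;

for my $ttl (600, 30) {
    my $expires = strftime("%a, %d-%b-%Y %H:%M:%S GMT", gmtime($server_now + $ttl));
    my $hdr     = "Testname=Testvalue; path=/cgi-bin; expires=$expires";
    printf "+%3ds, Expires only : browser keeps it %4d s\n",
        $ttl, client_lifetime($hdr, $client_now);
    printf "+%3ds, with Max-Age : browser keeps it %4d s\n",
        $ttl, client_lifetime("$hdr; Max-Age=$ttl", $client_now);
}
```

A zero or negative lifetime means the cookie is already expired when it arrives and is never stored. Because the browser's clock is outside the server's control, a session timeout that matters should also be checked against a timestamp kept on the server.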