set-cookie expiration in seconds

Question

Does the html header Set-Cookie function accept expiration in seconds?

header( "Set-Cookie:". $cookieName."=".$sessId."; expires=".$expireSeconds."; sessionID=".$sessId.";path=".$path."; domain=".$domain."; httponly; secure);

$expireSeconds = time()+$expireSeconds;

NOTE: I dont want to use set cookie because i am running php4 version. Also php4 does not support httponly in the setcookie() function

Answer 1

The proper date format for expires is something like this:

Mon, 19 Nov 2012 15:40:59 GMT

That format can be obtained with this snippet:

str_replace('+0000', 'GMT', gmdate('r'));

Or:

gmdate('D, d M Y H:i:s T');

Expiry date of 30 days in the future can be done with:

$expires = str_replace('+0000', 'GMT', gmdate('r', strtotime('+30 days')));

The max-age can be used to specify (in seconds) when the cookie should expire; this is not portable between all browsers though, as explained here.

Answer 2

If you are writing the header yourself then you need to provide the date in this format:

DAY, DD-MMM-YYYY HH:MM:SS GMT
DAY
    The day of the week (Sun, Mon, Tue, Wed, Thu, Fri, Sat).
DD
    The day in the month (such as 01 for the first day of the month).
MMM
    The three-letter abbreviation for the month (Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec).
YYYY
    The year.
HH
    The hour value in military time (22 would be 10:00 P.M., for example).
MM
    The minute value.
SS
    The second value.

However, if you are using PHP's setcookie() function, the date needs to be a Unix timestamp You might use mktime(). time()+60*60*24*30 will set the cookie to expire in 30 days. If set to 0, or omitted, the cookie will expire at the end of the session (when the browser closes).