Cookie values are not set properly

In Yii framework I create a new cookie using the following code:

 $newCookie = new CHttpCookie('_tracker' $campaignId);

    $newCookie->expire = (time()+(60*60*24*30));//1 month

  	$newCookie->httpOnly = true;

    Yii::app()->request->cookies['_tracker'] = $newCookie;

    //var_dump($newCookie);exit;

When I var_dump $newCookie variable, I get the following output:

object(CHttpCookie)[66]

      public 'name' => string '_tracker' (length=<img src='http://www.yiiframework.com/forum/public/style_emoticons/default/cool.gif' class='bbc_emoticon' alt='8)' />

      public 'value' => string 'd0be2dc421be4fcd0172e5afceea3970e2f3d940' (length=40)

      public 'domain' => string '' (length=0)

      public 'expire' => int 1438433074

      public 'path' => string '/' (length=1)

      public 'secure' => boolean false

      public 'httpOnly' => boolean true

      private '_e' (CComponent) => null

      private '_m' (CComponent) => null

So expire property of $newCookie object is set, and httpOnly property is set too.

On the next request, when I receive the cookie and var_dump it, I get the following result:

 object(CHttpCookie)[19]

              public 'name' => string '_tracker' (length=<img src='http://www.yiiframework.com/forum/public/style_emoticons/default/cool.gif' class='bbc_emoticon' alt='8)' />

              public 'value' => string 'd0be2dc421be4fcd0172e5afceea3970e2f3d940' (length=40)

              public 'domain' => string '' (length=0)

              public 'expire' => int 0

              public 'path' => string '/' (length=1)

              public 'secure' => boolean false

              public 'httpOnly' => boolean false

              private '_e' (CComponent) => null

              private '_m' (CComponent) => null

The problem is that expire property is set to 0, and httpOnly property is set to false. What is the cause?

Update 1: When I examine the cookie in a browser (Google Chrome), cookie expiration time is set properly, as well as httpOnly property. Here is screenshot:

Update 2: This is what Microsoft says: “The browser is responsible for managing cookies, and the cookie’s expiration time and date help the browser manage its store of cookies. Therefore, although you can read the name and value of a cookie, you cannot read the cookie’s expiration date and time. When the browser sends cookie information to the server, the browser does not include the expiration information.”

As per this Microsoft’s comment, this means that browser will not send cookie expiration time, and that is the reason why Yii is seting expire property of received cookie to 0.

Can someone confirm this asumption, and is this true for httpOnly property?

I’m not sure but it looks like you call for the cookie in the wrong way second time. Can you share your code for this?

I just var_dumped all cookies:

var_dump(Yii::app()->request->cookies);

You are right, this is the case for all kind of cookies. The expire time and other parameters are not visible. The only way to get cookie expiration date is to save this date as cookie value as well.

Yes, it is seems that browser is not sending cookie expiration time.

If someone needs to track cookies and sort them per expiration (or creation) time, then here is the solution:

In a cookie name, add information about cookie expiration time:

$newCookie = new CHttpCookie('_tracker|'.time(), $campaignId);

$newCookie->expire = (time()+(60*60*24*30));//1 month

$newCookie->httpOnly = true;//This is imporant. whether the cookie should be accessible only through the HTTP protocol and we want YES

Yii::app()->request->cookies['_tracker|'.time()] = $newCookie;

Now when you receive cookie from browser, you can explode timestamp information like this:

$cookies = Yii::app()->request->cookies;

foreach($cookies as $c):

	$cookieParts = explode('|',$c->name);

	$creationTime = $cookieParts[1];//Get cookie creation time

	//Here you can now compare or add additional logic

endforeach;