In Yii framework I create a new cookie using the following code:
$newCookie = new CHttpCookie('_tracker' $campaignId);
$newCookie->expire = (time()+(60*60*24*30));//1 month
$newCookie->httpOnly = true;
Yii::app()->request->cookies['_tracker'] = $newCookie;
//var_dump($newCookie);exit;
When I var_dump
$newCookie
variable, I get the following output:
object(CHttpCookie)[66]
public 'name' => string '_tracker' (length=<img src='http://www.yiiframework.com/forum/public/style_emoticons/default/cool.gif' class='bbc_emoticon' alt='8)' />
public 'value' => string 'd0be2dc421be4fcd0172e5afceea3970e2f3d940' (length=40)
public 'domain' => string '' (length=0)
public 'expire' => int 1438433074
public 'path' => string '/' (length=1)
public 'secure' => boolean false
public 'httpOnly' => boolean true
private '_e' (CComponent) => null
private '_m' (CComponent) => null
So expire
property of $newCookie
object is set, and httpOnly
property is set too.
On the next request, when I receive the cookie and var_dump
it, I get the following result:
object(CHttpCookie)[19]
public 'name' => string '_tracker' (length=<img src='http://www.yiiframework.com/forum/public/style_emoticons/default/cool.gif' class='bbc_emoticon' alt='8)' />
public 'value' => string 'd0be2dc421be4fcd0172e5afceea3970e2f3d940' (length=40)
public 'domain' => string '' (length=0)
public 'expire' => int 0
public 'path' => string '/' (length=1)
public 'secure' => boolean false
public 'httpOnly' => boolean false
private '_e' (CComponent) => null
private '_m' (CComponent) => null
The problem is that expire
property is set to 0
, and httpOnly
property is set to false
. What is the cause?
Update 1: When I examine the cookie in a browser (Google Chrome), cookie expiration time is set properly, as well as httpOnly property. Here is screenshot:
Update 2: This is what Microsoft says: “The browser is responsible for managing cookies, and the cookie’s expiration time and date help the browser manage its store of cookies. Therefore, although you can read the name and value of a cookie, you cannot read the cookie’s expiration date and time. When the browser sends cookie information to the server, the browser does not include the expiration information.”
As per this Microsoft’s comment, this means that browser will not send cookie expiration time, and that is the reason why Yii is seting expire property of received cookie to 0.
Can someone confirm this asumption, and is this true for httpOnly property?