JavaScript Cookie expires time must be GMT ?
bryansu
Status: Curious
Joined: 18 Nov 2006
Posts: 6
Reply Quote
Hi,

Just wondering, If i use the localetime instead of GMT time for the expires, what will happen.

I try to use the localetime ( Fri Nov 17 03:23:44 UTC+0800 2006) before, the cookies was created successfully. So i was wondering why must it be converted to GMT.

Will javascript convert it automatically to GMT time.
Back to top
jeffd
Status: Assistant
Joined: 04 Oct 2003
Posts: 594
Reply Quote
This is the code I use, and have used for years, based on public domain cookie code:

:: Code ::
/*
only the first 2 parameters are required, the cookie name, the cookie
value. Cookie time is in milliseconds, so the below expires will make the
number you pass in the Set_Cookie function call the number of days the cookie
lasts, if you want it to be hours or minutes, just get rid of 24 and 60.

Generally you don't need to worry about domain, path or secure for most applications
so unless you need that, leave those parameters blank in the function call.
*/
function Set_Cookie( name, value, expires, path, domain, secure ) {
   // set time, it's in milliseconds
   var today = new Date();
   today.setTime( today.getTime() );
   // if the expires variable is set, make the correct expires time, the
   // current script below will set it for x number of days, to make it
   // for hours, delete * 24, for minutes, delete * 60 * 24
   if ( expires )
   {
      expires = expires * 1000 * 60 * 60 * 24;
   }
   //alert( 'today ' + today.toGMTString() );// this is for testing purpose only
   var expires_date = new Date( today.getTime() + (expires) );
   //alert('expires ' + expires_date.toGMTString());// this is for testing purposes only

   document.cookie = name + "=" +escape( value ) +
      ( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) + //expires.toGMTString()
      ( ( path ) ? ";path=" + path : "" ) +
      ( ( domain ) ? ";domain=" + domain : "" ) +
      ( ( secure ) ? ";secure" : "" );
}

Back to top
....
bryansu
Status: Curious
Joined: 18 Nov 2006
Posts: 6
Reply Quote
I already got the code for reading and setting cookie using javascript. just wondering if the expires is using a non-UTC date, what will happen.


When you put a non-UTC date into the expires, will the javascript automatically convert the date to a GMT.
Back to top
jeffd
Status: Assistant
Joined: 04 Oct 2003
Posts: 594
Reply Quote
try it and see. The experiment would take a lot less time than the research.

Set a cookie for expires = 5 minutes. Have the page test for the cookie, and print out if it's present or not. Visit the page. Close the browser, revisit it in 10 minutes. Closing the browser is important because most browsers treat a cookie as having the lifespan of the session no matter when you tell it to expire.

Do it both ways, using local time and gmt time. Since it only takes a minute to hack the code to do the test, I can't see any particular reason for you not to try it now.

If you are not in gmt time zone, the results will show you right away the answer to your question.

I've never felt the need to ask the question because the above code has always worked, for the last 8 or so years. Since it sets with gmt time, I would assume that's what is required, but if this question just has a hold on you, verify it for yourself.

You'll know the answer about 30 minutes from now.

I'd also try it in different browsers, by the way, just to make sure that different browser javascript engines don't handle this in different ways.
Back to top
...
bryansu
Status: Curious
Joined: 18 Nov 2006
Posts: 6
Reply Quote
I will be doing the test afterward. The main reason i post this is to compare the result i will be getting and from some other expert.

By the way, I have look everywhere for the answer of my question, and i cant find anything out of it. I do believe other ppl will have this doubt too and have end up like what i am...therefore by posting this thread, everyone can know what's is going on.

Wasn't creating a forum is for the sake of sharing knowledge ?
Back to top
Result
bryansu
Status: Curious
Joined: 18 Nov 2006
Posts: 6
Reply Quote
After doing testing, i have the conclusion of


1) expires date uses in document.cookie MUST be in UTC/GMT, else you won't be able to see the result.
2) When using non-UTC date, cookie will be created in the client-side(c:\document and setting\username\cookie), but when u try to retrieve it back using a new page, it will not work.
3) If retrieve the cookie back from the page that create the cookie, you will be able to retrieve it, the main reason is because cookie is obtained from browser session instead of cookie itself.
4) The main reason of using UTC/GMT is to standard all the user from different timezone to follow and refer to a standard universal time. Therefore when a web-programmer written a cookie expires is 4 hours ahead, there will be no confusion happen at user from timezone +8.00 away from GMT.

This is something cool..but have i tested it on the php command...will try later on.
Back to top
jeffd
Status: Assistant
Joined: 04 Oct 2003
Posts: 594
Reply Quote
bryansu, thanks a lot for doing the tests and posting your results.

While I suspected this was the case because the cookie scripts I've used have been standardized for so long, it's always better to KNOW than to suspect.

What's interesting about the php stuff is that I don't use gmt on php cookies, so I guess either the php engine processes them gmt automatically or... well, I think it would have to, since the cookie time would be set using the server time, not the client time, so it would have to be gmt for the same reasons you listed above.

Nice testing though, I've been surprised in the past by testing various things and not getting the expected outcome, so you never know until you do the actual tests.

:: Quote ::
By the way, I have look everywhere for the answer of my question, and i cant find anything out of it. I do believe other ppl will have this doubt too and have end up like what i am...therefore by posting this thread, everyone can know what's is going on.

Wasn't creating a forum is for the sake of sharing knowledge ?

Bryansu, you are absolutely right, the purpose of, at least this, forum is to share knowledge. Next time you google this question, maybe this thread will come up, lol.
Back to top
PHP site
bryansu
Status: Curious
Joined: 18 Nov 2006
Posts: 6
Reply Quote
I Always believe of power of sharing, that is why i am involving myself alot in forums and sharing things around.

Regarding the PHP setcookie. The way PHP is compare the time between server time and client time. If client time is 2 month ahead php, and php server is setting cookie expire date is in 2 days, i think the cookie wil have problem creating in client side.

I cannot confirm this until i really tested it out. So far i have did some simple testing and this is what i thought of. Will post it when i am testing it.
Back to top
Re: Result
bryansu
Status: Curious
Joined: 18 Nov 2006
Posts: 6
Reply Quote
[quote="bryansu"]After doing testing, i have the conclusion of


1) expires date uses in document.cookie MUST be in UTC/GMT, else you won't be able to see the result.

2) Using non-UTC date, cookie will be temporary created, and the browser that created the cookie will be able to see the cookie value. If a new browser is open to view it, the cookie cant be seen.

3) If retrieve the cookie back from the page that create the cookie, you will be able to retrieve it, the main reason is because cookie is obtained from browser session instead of cookie itself.

4) The main reason of using UTC/GMT is to standard all the user from different timezone to follow and refer to a standard universal time. Therefore when a web-programmer written a cookie expires is 4 hours ahead, there will be no confusion happen at user from timezone +8.00 away from GMT.

5) When expired time is set, server-side time will be obtain but client-side time will be compare. If you set 10 minute on the expiration, server-time will be add 10minute. But browser will compare the time with the client-side time. If client-side is not according to standard, then cookie will not be able to be view.


Eventhough javascript is client side script, but the time taken is in server-side...this is funny.
Back to top
Display posts from previous:   

All times are GMT - 8 Hours