Reputation: 817
Expire vs. clearing a cookie
With respect to creating cookies with PHP, what is the difference between using the 'expire' parameter of 'setcookie' and just setting the cookie to ""? In other words I have a cookie that's collecting information, at some point I will grab all this information and send it, and after that point I want to essentially destroy the cookie. Since (from my understanding) cookies are stored on the client side, my options are Expire or set to "". From what I read, 'Expire' just sets the cookie to 0, so is it just with respect to values; int 0 or an empty string?
Also a question about extending original questions asked here. AKA if I had a question that I posted, and then wanted to ask a similar question, do I edit the original question and add this new section or start a new question (like I did here)?
Upvotes: 2
Views: 1321
Answers (4)
Reputation: 920
Setting the value to "" would simply do just that! The cookie is still valid but has a blank value. This is bad practice, as it opens the door to malicious code to use that cookie later. Expiring the cookie will set its expire time to a point in the past, making the cookie unusable to the client browser.
Cookies are "destroyed" when their expiration time is set to some point in the past. At that point, the client browser ignores them.
Upvotes: 1
Reputation: 3385
Not sure what you mean by "Expire" but it should be int if it's referring to 3rd parameter of setcookie.
This will delete cookie when browser is closed
setcookie($cookie_name, $value, 0, {$path});
Same as setcookie($cookie_name, $value);
This will keep the cookie until you want it to stay:
$keep_cookie = 60*10; //10 minutes
setcookie($cookie_name, $value, time()+$keep_cookie, {$path});
Upvotes: 0
Reputation: 65244
The important part is, that a cookie will expire, even if no HTTP request to the server is created (e.g. no click), but manually setting it empty happens only during request execution.
This means, that
- an expiring cookie will simply "disappear" between requests
- expiry happens on the client, meaning a malicious or buggy client will honor expiry wrongly (or not at all)
So you are talking of a different distribution of responsibility between server and client.
Upvotes: 0
Reputation: 342
When you set the cookie then it is stored to client browsers, If you set expire parameter than the cookie will expire(deleted) after given time from client computer, And if you set cookie to 0 then cookie will stay in the client browser with value 0.
Upvotes: 2
Related Questions
- Difference between $_SERVER['HTTP_COOKIE'] and $_COOKIE
- issue with setting expiry time of cookie in PHP header() vs setcookie()
- Using setcookie() to expire a cookie variable vs using $_COOKIE = array();
- Cookie expiration is browser specific or server specific?
- Performing an action on cookie expiration
- PHP cookie expire
- How to properly "delete" a Cookie in PHP
- PHP Expire cookie
- Is it a good practice to unset cookie expire parameter?
- Best expiration setting for cookies in this situation?