Cookie expires inaccurately

BioHazard has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks,

I am working on a cookie-managed community system but my cookies expire too inaccurately, in detail: too early.
I am using Apache 1.27x on a Win32 (NT 5.1) machine, ActiveState Perl 5.6 and the module CGI.
With the script shown below, the cookie is supposed to expire 10 minutes after being set. I have counted the time and found out that it actually expired after 8 minutes and ~50 seconds. When I do this test again with -expires => "+30s", the cookie won't be set at all.
Do you have any Ideas how this problem can be solved?

#!C:\Perl\bin\perl.exe

use strict;
use CGI;

my $q = CGI->new();

my $service = $q->param('service') || '';

&printCookieContent() if ($service eq 'showcookie');

sub printCookieContent
{
    my $cookie = $ENV{HTTP_COOKIE};
    my ($name, $value) = split(m/=/, $cookie, 2);
    
    print $q->header('text/html');
    print "$name<br>$value";
    exit;
}

my $cookie = $q->cookie( -name        => "Testname",
             -value        => "Testvalue",
             -domain    => "abroxa.dyndns.org",
             -expires    => "+10m",
             -path        => "/cgi-bin"
            );
    
print $q->header(-type => 'text/html', -cookie => $cookie);

print qq ~<a href="cookietest.cgi?service=showcookie">klick here to te
+st the cookie</a>~;

exit;
[download]

BioHazard

reading between the lines is my real pleasure

Comment on Cookie expires inaccurately Select or Download Code

Replies are listed 'Best First'.
Re: Cookie expires inaccurately by Aristotle (Chancellor) on Dec 28, 2002 at 16:26 UTC
See you-know-who's column on using cookies The Right Way. Basically, you shouldn't rely on the browser at all. Makeshifts last the longest.	[reply]
Re: (nrd) Cookie expires inaccurately by newrisedesigns (Curate) on Dec 28, 2002 at 15:06 UTC
Your browser throws away the cookie when the date set by the server has passed. If your server's time and your local time are off (by 1 minute, ~10 seconds) cookies will expire prematurely. I suggest using some other form of session-time verification, like time-in-url or record the session time on the server only. I also highly suggest against cookies altogether, considering they are unreliable in every browser. Hope this helps... if not, post a reply! John J Reiser newrisedesigns.com	[reply]
Re: Re: (nrd) Cookie expires inaccurately by BioHazard (Pilgrim) on Dec 28, 2002 at 15:21 UTC
You are right! The server's time and my local differ. But only ~40 seconds. I hope that is the problem, because now the cookie is set when I try `-expires => "+30s"` but is not thrown away after this time :(. I am thinking about getting away from cookies, too. Many people have told me great advantages of other session-time verfication. There is just one point I do not understand (It's silly perhaps): A server in America with 6 hours difference for example (I am from Germany) will give me correct cookie (-times), right? Then how does the server do it? Thanks for your suggestions :) BioHazard reading between the lines is my real pleasure	[reply] [d/l]
Re: Re: Re: (nrd) Cookie expires inaccurately by poj (Abbot) on Dec 28, 2002 at 19:47 UTC
The expiry time in the cookie is always GMT. poj	[reply]
Re:^3 (nrd) Cookie expires inaccurately by newrisedesigns (Curate) on Dec 29, 2002 at 14:45 UTC
It will give you the correct time because it will use GMT. You can always check if cookies are set by telneting to your server using port 80, then typing "GET /document.html" replacing "document.html" with the path of your file or CGI. (ie. "GET /cgi-bin/index.pl" or "HEAD /cgi-bin/index.pl" to get just the headers.) Hope this helps. John J Reiser newrisedesigns.com	[reply]
Re: Cookie expires inaccurately by poj (Abbot) on Dec 28, 2002 at 14:47 UTC
I tried this with 30 seconds and it timed out at 27 seconds but then I remembered you have to start timing from the first time the script runs, not the first time you press 'klick here'. When I tried a second time I had to refresh the browser first but then it was OK. Can't see why it shouldn't work unless it's a cache problem. poj	[reply]


"be consistent"
	PerlMonks