Gossamer Forum
Home : Products : Gossamer Links : Discussions :

What happens when a cookie expires?

Quote Reply
What happens when a cookie expires?
Okay, I have users utilizing cookies for identification (long story), and I notice the software defaults to a cookie life of 3 hours. I know I can drop that to 1 hour, and I see rumor to suggest I can drop that to, say, 0.25 hours, but if I drop the cookie life to a time shorter than the user is online, what happens to the user's session? Angelic Does it automatically renew? Or something the user might consider dastardly? Mad

Alan Frayer
Don't just read the news - make the news!
Your World News - http://yourworldnews.frayernet.com
Quote Reply
Re: [afrayer] What happens when a cookie expires? In reply to
cookies are refresed with each request.

This is why when you are a site like paypal or googles adsense, you are not logged off, but if you answer the phone, or get a cup of coffee, you most likely have to log back in.

So, if a cookie has a TTL of 3 hours, if a user logs in at 2 hours, the date/time is checked against the cookie, and if it's greater than the cookie date, the cookie is expired. If it's less, the cookie date is refresed to the current access time.

At least that is how it _should_ work.

Changing the TTL on a cookie while a user is on-line, will log off users beyond the last refresh time, but users under that cut off _should_ just go through the normal process of compare/delete_or_update


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.
Quote Reply
Re: [pugdog] What happens when a cookie expires? In reply to
Crazy So... if a user has a cookie life of 0.5 hours, and stays online beyond that, but doesn't do anything that asks for the cookie (such as hanging out in a Forum), then it might be possible that the user would be asked for a fresh login if the user causes a cookie "challenge" after the 0.5 hour TTL?

I've over simplified the situation... I'm trying to decide if the security of short-life cookies outweighs the user satisfaction benefits created by longer-lived cookies and single sign-on configurations.

Alan Frayer
Don't just read the news - make the news!
Your World News - http://yourworldnews.frayernet.com
Quote Reply
Re: [afrayer] What happens when a cookie expires? In reply to
I was writing a message, and just got hit by the bug/problem I was ranting about.

I just hit the backspace key accidentally, and lost my whole message, about 80 lines, including both code and pseudo code. I *HATE* the advanced editor!!!

I was saying *NOTHING* pisses me off *MORE* (maybe as much as, but not more than) short TTL cookies.

The problem with the GT forum and such, is that if the cookie expires while the user is in the middle of a message, when he goes to submit it, the message is lost.

Longer ttl times are better.

There is probabably an easy plugin way to do it, and it could be done with 2 new configuration variables and a field in the User table.


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.