Cookie Expiration Using Browser's Time

Anon

I ran across a problem with a user of our web site whose time was incorrect on his local computer. Our login cookies are set to expire after just a few minutes and his computer's time was set further ahead than this timeout period. So, I'm realizing that we need to start setting our cookie expiration times based on the browser time rather than our server's time.

Does anyone have any insight into how we can set cookie expiration times that are calculated off of the browser's time? I think I could set it using JavaScript, but I was hoping that there might be an even easier way.

Any suggestions?

Anon

You can do like that:

No expiration limit is set in the cookie. But keep a unix_time value in the cookie. When each time you check the cookie, check that unix_time value and compare with your server current time, if the value indicates expiry. Clear the cookie and show out it's expired.

e.g.

to set cookie:
setcookie("expire_at", time()+1800); // 30 minutes

to check cookie:
if ($GLOBALS["expire_at"] < time()) {
// expired
setcookie("expire_at", "");
// continue for expiry
} else {
// not expire
// update the cookie if you want to update expiry time
}

Try it.

Anon

Surely, this will not work if the computer's clock is more than 30 minutes out of synchronisation?