I'm running a comparatively big web site, where user authentication is done by sending a session cookie to the browser without expiration time. So the cookie is supposed to be removed when the browser is closed - and also to persist until this.
After Jan 1st 2001 I've received numerous complaints from users of the site who use MSIE 4 or 3 as their browser. The users have been unable to log into the site, the cookie which stores their user id appears to PHP as 'deleted' (as it does when the cookie has just expired). I have also understood that this doesn't happen only when they have tried to log into the site - their user id has been 'deleted' already when they enter the site - though there should not be any cookies saved! Upgrading the browser into version 5 (or changing browser, of course) has helped, but probably there could be some other way around this problem - some changes to the way we send the cookies.
This problem possibly is not with PHP, but as it most probably affects many PHP users, I thought that this could be good arena to bring this problem into discussion. Has anyone else noticed this Y2K+1-problem? Has anyone any good ideas how to change the way cookies are sent, or even any idea where the problem might be: should we send the expiration-time with the cookie or what there is to be done?
