Ah, I see. Thanks for the explanation. It's a bit misleading, because in PHP's actual setcookie function, using 0 as the expiry makes it expire at the end of the session.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Wed, Dec 19, 2012 at 1:07 AM, Matthew Flaschen mflaschen@wikimedia.orgwrote:
On 12/19/2012 12:47 AM, Tyler Romeo wrote:
Maybe I'm missing something, but where is the 180 days number coming
from.
When User::setCookies() sets the cookies, it gives it no expiry, so in reality the cookie persists until the browser removes it.
Here ( https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes... ) User::setCookies calls User::setCookie (singular) with expiration 0 for UserID and UserName. I don't know where you see no expiration.
However, User::setCookie ( https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes... ) itself says "if 0 or not specified, use the default $wgCookieExpiration"
It actually calls WebResponse::setcookie ( https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/core.git;a=blob;f=includes... ). Both User::setCookie and WebResponse::setcookie default the $exp if it is not passed in, though it is in this case. setcookie does that expiration logic.
0 corresponds to expire = time() + $wgCookieExpiration.
I don't see any way there can be an infinite cookie.
Matt Flaschen
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l