Bug #23955: allow specifiy max age for setcookie()

NEWS

@@ -7,6 +7,7 @@ PHP                                                                        NEWS
   . Fixed bug #63822 (Crash when using closures with ArrayAccess).
     (Nikita Popov)
   . Add Generator::throw() method. (Nikita Popov)
+  . Bug #23955: allow specifying Max-Age attribute in setcookie() (narfbg, Lars)
 
 - cURL:
   . Added new functions curl_escape, curl_multi_setopt, curl_multi_strerror

ext/session/session.c

@@ -1154,6 +1154,7 @@ static int php_session_cache_limiter(TSRMLS_D) /* {{{ */
 
 #define COOKIE_SET_COOKIE "Set-Cookie: "
 #define COOKIE_EXPIRES	"; expires="
+#define COOKIE_MAX_AGE	"; Max-Age="
 #define COOKIE_PATH		"; path="
 #define COOKIE_DOMAIN	"; domain="
 #define COOKIE_SECURE	"; secure"
@@ -1201,6 +1202,9 @@ static void php_session_send_cookie(TSRMLS_D) /* {{{ */
 			smart_str_appends(&ncookie, COOKIE_EXPIRES);
 			smart_str_appends(&ncookie, date_fmt);
 			efree(date_fmt);
+
+			smart_str_appends(&ncookie, COOKIE_MAX_AGE);
+			smart_str_append_long(&ncookie, PS(cookie_lifetime));
 		}
 	}
 

ext/standard/head.c

@@ -117,12 +117,13 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
 		 * pick an expiry date in the past
 		 */
 		dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, 1, 0 TSRMLS_CC);
-		snprintf(cookie, len + 100, "Set-Cookie: %s=deleted; expires=%s", name, dt);
+		snprintf(cookie, len + 100, "Set-Cookie: %s=deleted; expires=%s; Max-Age=0", name, dt);
 		efree(dt);
 	} else {
 		snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
 		if (expires > 0) {
 			const char *p;
+			char tsdelta[13];
 			strlcat(cookie, "; expires=", len + 100);
 			dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
 			/* check to make sure that the year does not exceed 4 digits in length */
@@ -136,6 +137,10 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
 			}
 			strlcat(cookie, dt, len + 100);
 			efree(dt);
+
+			snprintf(tsdelta, sizeof(tsdelta), "%li", (long) difftime(expires, time(NULL)));
+			strlcat(cookie, "; Max-Age=", len + 100);
+			strlcat(cookie, tsdelta, len + 100);
 		}
 	}
 

ext/standard/tests/network/setcookie.phpt

@@ -0,0 +1,70 @@
+--TEST--
+setcookie() tests
+--DESCRIPTION--
+--INI--
+date.timezone=UTC
+--FILE--
+<?php
+setcookie('name');
+setcookie('name', 'value');
+setcookie('name', 'space value');
+setcookie('name', 'value', 0);
+setcookie('name', 'value', $tsp = time() + 5);
+setcookie('name', 'value', $tsn = time() - 6);
+setcookie('name', 'value', $tsc = time());
+setcookie('name', 'value', 0, '/path/');
+setcookie('name', 'value', 0, '', 'domain.tld');
+setcookie('name', 'value', 0, '', '', TRUE);
+setcookie('name', 'value', 0, '', '', FALSE, TRUE);
+
+
+$expected = array(
+	'Set-Cookie: name=',
+	'Set-Cookie: name=value',
+	'Set-Cookie: name=space+value',
+	'Set-Cookie: name=value',
+	'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsp).' GMT; Max-Age=5',
+	'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsn).' GMT; Max-Age=-6',
+	'Set-Cookie: name=value; expires='.date('D, d-M-Y H:i:s', $tsc).' GMT; Max-Age=0',
+	'Set-Cookie: name=value; path=/path/',
+	'Set-Cookie: name=value; domain=domain.tld',
+	'Set-Cookie: name=value; secure',
+	'Set-Cookie: name=value; httponly'
+);
+
+$headers = headers_list();
+if (($i = count($expected)) > count($headers))
+{
+	echo "Less headers are being sent than expected - aborting";
+	return;
+}
+
+do
+{
+	if (strncmp(current($headers), 'Set-Cookie:', 11) !== 0)
+	{
+		continue;
+	}
+
+	if (current($headers) === current($expected))
+	{
+		$i--;
+	}
+	else
+	{
+		echo "Header mismatch:\n\tExpected: "
+			.current($expected)
+			."\n\tReceived: ".current($headers)."\n";
+	}
+
+	next($expected);
+}
+while (next($headers) !== FALSE);
+
+echo ($i === 0)
+	? 'OK'
+	: 'A total of '.$i.' errors found.';
+--EXPECTHEADERS--
+
+--EXPECT--
+OK