[eluser]WanWizard[/eluser]
In the session class, the expiry of the session cookie is defined as current server time + the defined expiry.
The PHP function Setcookie() is then used to create the cookie, which does a local time to GMT conversion.
Browsers however check the cookie expiry time against their local time, which can be different from the server time.
This poses an issue if there is more time between the server and the client than the defined expiration time. This causes the cookie to arrive at the browser with a time in the past, causing the cookie to expire immediately.
Solution, replace:
Code:
// Set the cookie
setcookie(
$this->sess_cookie_name,
$cookie_data,
$this->sess_expiration + time(),
$this->cookie_path,
$this->cookie_domain,
0
);
by
Code:
// Determine the expiration time
if ( $this->sess_expiration == 0 )
{
// support end-of-session expiry too...
$expiration = 0;
}
else
{
$expiration = now() + $this->sess_expiration;
}
// Set the cookie manually to work around setcookie() local timestamp problem
header("Set-Cookie: ".$this->sess_cookie_name."=".$cookie_data."; path=".$this->cookie_path."; domain=".$this->cookie_domain."; expires=".($expiration==0?"0":(date("D, d-M-Y H:i:s",$expiration)." GMT")));
