Hi all, I've found something I think is a bit interesting, wondering if anyone has any insight on the following.
I have a log in/private section where a cookie is set upon successful login credentials. I also have a "remember me" option so the user won't have to log back in if they revisit before the cookie expires.
I'm setting my session cookie to expire on browser close (which seems to work fine for browsers other than Firefox) as follows:
My cookie for my "remember me" option is as follows:
setcookie('access'); //transient cookie, expires when browser closes
The login page checks for the cookie, if it isn't set, it redirects the user.
setcookie('access', md5(uniqid(rand())), time()+60); //EXPIRES IN ONE SECOND FOR TESTING
With the "remember me" option checked on login, you can refresh the protected page for 1 minute (then the cookie expires). After that, you're redirected. This works fine.
Without the "remember me" option, if I quit/relaunch Firefox, the cookie persists. If I view the cookie information, it says:
Expires: At End Of Session
To get it to work in Firefox, I have to close that browser tab, then quit/relaunch Firefox, then try to access my protected page directly via url (in which case I'm redirected).
If I quit Firefox with the protected page tab open, then relaunch, Firefox appears to not delete session cookies. Have other people experienced this and is this expected behavior in Firefox?
My Firefox Cookies settings are:
* Accept cookies from sites
* Accept third-party cookies
* Keep until: they expire
I think these are the default settings, I don't think I've changed them, but can't be 100% sure.