Cookies may be created with an expiration time. It may become necessary to expire a cookie before the expiration time such as when a user logs out of a cookie-based authentication web application. This tech-recipe describes expiring a cookie.
Expiring a cookie uses the same command as creating a cookie. The cookie value is left blank, and the expiration time needs to be in the past. To expire the cookie ‘user,’ use the following:
setcookie('user','',1);
The second parameter is the cookie value and is set to blank with the double quotes. The third parameter is the expiration time. A value of zero here indicates that the cookie is to remain valid until the browser is closed. A positive value indicates the time at which the cookie is to expire. Many sources indicate using something as follows:
setcookie('user','',time()-3600)
This sets the expiration time 3600 seconds (one hour) in the past. The trick is that this references the time on the server while the cookie expiration is dependent on the time of the host running the browser. If there is a mismatch of time between the two hosts, it is possible that a cookie may not expire. However, using a time of ‘1’ indicates an expiration time of one second after midnight, January 1st, 1970, which is the earliest possible expiration time.
