Sometimes we may wonder:
How can a client (browser) set the correct expiry time for a cookie when the client's clock and the server's clock disagree?
Server Time: 21-Jan-2011 10:00:00 GMT
Client Time: 21-Jan-2012 10:00:00 GMT
(Note the 1 year difference between client and server times)
Now consider a scenario where the server tells the client to store a cookie for the next 15 minutes.
So according to the server’s time, the expiry time of the cookie will be 21-Jan-2011 10:15:00 GMT.
But the problem is that the client’s clock is already in the year 2012.
So how will the client understand such an instruction from the server?
The answer lies in the response headers passed by the server to the client.
Sample response headers (this is what the client gets from the server):
HTTP/1.1 200 OK
Date: Fri, 21 Jan 2011 10:00:00 GMT
Set-Cookie: username=abc; expires=Fri, 21-Jan-2011 10:15:00 GMT
As the response above shows, the server sends its own time (the Date header) along with the cookie expiry time.
From these two times, the client can easily calculate how long the cookie should live and set the expiry relative to its own clock.
(In this example the server wants the client to keep the cookie for the next 15 minutes.)
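The calculation described above, as an added example that is not part of the original post and is not any browser's actual code: it takes the cookie lifetime as expires minus Date and applies it to the client clock, and also shows the case where the Date header is missing. The function names and the sample response are constructed for illustration.

```javascript
// Constructed sample response, mirroring the headers shown above.
const SAMPLE_RESPONSE = [
  "HTTP/1.1 200 OK",
  "Date: Fri, 21 Jan 2011 10:00:00 GMT",
  "Set-Cookie: username=abc; expires=Fri, 21-Jan-2011 10:15:00 GMT",
].join("\r\n");

const MONTHS = ["jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec"];

// Parse "21 Jan 2011 10:00:00 GMT" or "21-Jan-2011 10:15:00 GMT" to epoch ms (UTC).
function parseHttpDate(text) {
  const m = /(\d{1,2})[ -]([A-Za-z]{3})[ -](\d{4}) (\d{2}):(\d{2}):(\d{2}) GMT/.exec(text || "");
  if (!m) return null;
  const month = MONTHS.indexOf(m[2].toLowerCase());
  if (month < 0) return null;
  return Date.UTC(+m[3], month, +m[1], +m[4], +m[5], +m[6]);
}

// Return the value of the first header with the given (lowercase) name, or null.
function header(raw, name) {
  for (const line of raw.split(/\r?\n/).slice(1)) {
    const i = line.indexOf(":");
    if (i > 0 && line.slice(0, i).trim().toLowerCase() === name) return line.slice(i + 1).trim();
  }
  return null;
}

// Compute when the cookie expires on the client's own clock (hypothetical helper).
function clientExpiry(raw, clientNowMs) {
  const setCookie = header(raw, "set-cookie");
  if (!setCookie) return null;
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const expAttr = attrs.find((a) => a.toLowerCase().startsWith("expires="));
  const serverExpiry = expAttr ? parseHttpDate(expAttr.slice(8)) : null;
  if (serverExpiry === null) return { cookie: pair, session: true };
  const serverNow = parseHttpDate(header(raw, "date"));
  // Without a usable Date header there is no server clock to subtract, so the
  // absolute expiry is compared against the client clock as-is.
  if (serverNow === null) {
    return { cookie: pair, expiresAt: serverExpiry, expired: serverExpiry <= clientNowMs };
  }
  const lifetimeMs = serverExpiry - serverNow; // 15 minutes in the sample
  const expiresAt = clientNowMs + lifetimeMs;
  return { cookie: pair, lifetimeMs, expiresAt, expired: lifetimeMs <= 0 };
}
```

With the client clock at 21-Jan-2012 10:00:00 GMT, the sample yields an expiry of 21-Jan-2012 10:15:00 GMT; the same response without the Date header is treated as already expired on that client.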
Hope it helps clear some doubts.