Closed
Description
Symfony version(s) affected: 4.1.1
Description
The expire field of a Cookie object (accessible with getExpiresTime()) is used when calling setrawcookie.
From the PHP manual, if expire is 0, the cookie will expire at the end of the session (when the browser closes).
So, a cookie with expire set to 0 is valid. BTW isCleared returns true in this case.
How to reproduce
$cookie = new Symfony\Component\HttpFoundation\Cookie('foo', 'bar');
var_export($cookie->isCleared());
$cookie = new Symfony\Component\HttpFoundation\Cookie('foo', 'bar', 0);
var_export($cookie->isCleared());it should be false in both cases, but it is true.
Possible Solution
Patch the isCleared method, changing from
return $this->expire < time();to
return 0 !== $this->expire && $this->expire < time();