0
0
PHPprogramming~20 mins

Cookie expiration and security in PHP - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Cookie Security Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Predict Output
intermediate
2:00remaining
What is the output of this PHP code regarding cookie expiration?
Consider the following PHP code snippet that sets a cookie. What will be the expiration time of the cookie relative to the current time?
PHP
<?php
setcookie('user', 'Alice', time() + 3600);
echo $_COOKIE['user'] ?? 'No cookie';
?>
AThe cookie expires in 1 hour from now.
BThe cookie expires immediately.
CThe cookie expires in 3600 seconds from the Unix epoch (1970).
DThe cookie never expires.
Attempts:
2 left
💡 Hint
Remember that time() returns the current Unix timestamp in seconds.
Predict Output
intermediate
2:00remaining
What will this PHP code output regarding cookie security flags?
Look at this PHP code that sets a cookie with security flags. What will be the effect of the 'secure' and 'httponly' flags?
PHP
<?php
setcookie('session', 'abc123', time() + 600, '/', '', true, true);
echo 'Cookie set';
?>
AThe cookie is sent over HTTP and HTTPS and accessible to JavaScript.
BThe cookie is sent only over HTTPS and is inaccessible to JavaScript.
CThe cookie is sent only over HTTP and accessible to JavaScript.
DThe cookie is sent over HTTPS but accessible to JavaScript.
Attempts:
2 left
💡 Hint
The last two boolean arguments in setcookie control 'secure' and 'httponly' flags.
🔧 Debug
advanced
2:00remaining
Why does this PHP cookie not expire as expected?
This PHP code tries to set a cookie that expires in 10 seconds, but the cookie never expires. What is the problem?
PHP
<?php
setcookie('temp', 'value', 10);
?>
AThe cookie path is missing, causing the cookie to never expire.
BThe expiration time should be a relative number, not an absolute timestamp.
CThe cookie name is invalid, so expiration is ignored.
DThe expiration time is set to 10 seconds after Unix epoch, which is in the past, so the cookie is deleted immediately.
Attempts:
2 left
💡 Hint
The expiration time must be a Unix timestamp in the future.
🧠 Conceptual
advanced
1:30remaining
Which cookie attribute improves security by restricting cookie access to same-site requests?
Which cookie attribute helps prevent cross-site request forgery (CSRF) by restricting cookie sending to same-site requests only?
ASameSite
BPath
CSecure
DHttpOnly
Attempts:
2 left
💡 Hint
This attribute controls when cookies are sent with cross-site requests.
Predict Output
expert
2:30remaining
What is the output of this PHP code regarding cookie deletion?
This PHP code attempts to delete a cookie. What will be the output and effect?
PHP
<?php
setcookie('user', '', time() - 3600);
if (!isset($_COOKIE['user'])) {
    echo 'Cookie deleted';
} else {
    echo 'Cookie still exists';
}
?>
AOutputs 'Cookie deleted' because the cookie is removed immediately.
BSyntax error due to missing parameters in setcookie.
COutputs 'Cookie still exists' because $_COOKIE is not updated until next request.
DOutputs nothing because headers cannot be sent after output.
Attempts:
2 left
💡 Hint
Remember that $_COOKIE reflects the cookies sent by the browser in the current request.