Add a 'JAR.lifetime' param to set expiration in seconds

[sam2kb]

This code is from Base::set()

$jar=$this->unserialize($this->serialize($this->hive['JAR']));
$jar['expire']-=$time;
call_user_func_array('session_set_cookie_params',$jar);

Why would you subtract time, this makes JAR.expire value negative. Unless you add time() first, but why on Earth would one add time and then subtract it later.

[ikkez]

From the quick reference JAR

expire Unix timestamp, when the cookie should expire. Default: 0

So you had to set a unix timestamp to JAR.expire, which is usually greater than time(). In case of the session cookie parameter, this piece of code you've picked just converts the unix timestamp to a simple seconds-based lifetime value by substracting $time, which is necessary because the expire parameter in setcookie and session_set_cookie_params are different.

[sam2kb]

That's right, one can't just set expiration time in seconds in the config file

[JAR]
expire = 604800
domain = whatever.tld

Instead, this is why I have to to
$f3->set('JAR.expire', time()+604800);

So my question is why do we require Unix timestamp instead of time in seconds like in session_set_cookie_params

[sam2kb]

Ok I see now that JAR.expire is used elsewhere in the code as timestamp and we are not supposed to define this in text config.
Should we then have another lifetime param in seconds for use in config files?