Incorrect session expiration time while winter/daylight saving time changes

[forrest79]

Version: 3.3.2

Bug Description

In DI we had set:

session:
    expiration: '+75 minutes' 

During last winter to daylight saving time change, we encounter this error in log PHP User Notice: The expiration time is greater than the session expiration 900 seconds in .../vendor/nette/http/src/Http/SessionSection.php:197.

This error appears at 01:45 (30.3.2025) and the last was at 01:59. Our setting is 75 minutes = 4500 second. Minus one hour, it is 900 seconds (from the error message). The error started 75 minutes before 3:00 and ended at 2:00 when the time was changed to 3:00.

I think the problem is in the vendor/nette/http/src/Http/Session.php -> setExpiration method.

$expire = Nette\Utils\DateTime::from($expire)->format('U') - time()

DateTime is handling correctly time change, but time() doesn't. For now, we try to fix this by setting expiration: '4500' that is in Nette\Utils\DateTime::from() used as numeric and is not converted via PHP DateTime.

Steps To Reproduce

Not sure how to simply simulate this without changing computer date/time.

Expected Behavior

I'm expecting correct expiration time during winter/daylight saving time change.

Possible Solution

Not sure.

[dg]

I can remove the check completely.

[forrest79]

Ok, but it doesn't solve, that expiration should be all the time 4500 seconds, but for 15 minutes it was only 900 seconds, right?

[JanTvrdik]

Another option would be to ignore the timezone configuration in PHP and compute the expiration always in UTC. Sth like

$nowUtc = new DateTimeImmutable('now', new DateTimeZone('UTC'));
$expireInSeconds = $nowUtc->modify($expire)->getTimestamp() - $nowUtc->getTimestamp();

[dg]

@JanTvrdik I don't think that timezone would have any influence in your example

Edit: tývolé, vůbec jsem netušil, že je v těch relativních časech taková prasárnička, žiju celý život v iluzi 🙈

[dg]

I think I'll fix Nette\Utils\DateTime to handle relative times more sanely.