Lets say I want the cookie to hold for a year. Would I have to write it like this:
setcookie("coo", $you, time()+(60 * 60 * 24 * 365), "/", 'xyz.com', isset($_SERVER["HTTPS"]), true);
Is it even legal in EU to place year long cookies into user's browsers?
From the spec:
Although servers can set the expiration date for cookies to the distant future, most user agents do not actually retain cookies for multiple decades. Rather than choosing gratuitously long expiration periods, servers SHOULD promote user privacy by selecting reasonable cookie expiration periods based on the purpose of the cookie. For example, a typical session identifier might reasonably be set to expire in two weeks.
The ePrivacy directive:
requires prior informed consent for storage ofor access to information stored on a user's terminal equipment. In other words, you must ask users if they agreeto [sic] most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.
I don't believe it makes any mention of duration.
IANAL; don't take legal advice from "some guy on the Internet".