Jochen Hansper wrote:
The indexed array 'parameters' is expected to be:
array( {int|string} expires [, string path [, domain [, bool secure
[,bool httponly )
Why not like this?
array(
'expires' = ...,
'path' = ...,
'domain = ...,
'secure' = ...,
'httponly' = ...
);
This was the
Hello,
as suggested by Andi and Nuno, setcookie() and setrawcookie() should not
take more than six parameters. Overloading the function with an array as
the third parameter is preferred.
The patch in the attachment considers these suggestions.
To not break compatibility with existing code, the
Jochen Hansper wrote:
The indexed array 'parameters' is expected to be:
array( {int|string} expires [, string path [, domain [, bool secure [,bool
httponly )
Why not like this?
array(
'expires' = ...,
'path' = ...,
'domain = ...,
'secure' = ...,
Hi Jochen,
On Sunday 26 June 2005 22:09, Jochen Hansper wrote:
setcookie(test,101,mktime()+60*60,/,localhost,1)
setcookie(test,101,array(mktime()+60*60,/,localhost,1))
setcookie(test,101,array(0:0:0:1:0:0,/,localhost,1))
setcookie(test,101,array(:::1,/,localhost,1))
I'd prefer if the index
Seems to be a good idea, but not for PHP 4 (closed for new features).
Official description:
http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp
Nuno
- Original Message -
Hello Marcus,
patches for official php-4.3.11 release in attachment... (diff -Naur)
Jochen
Provide the patch against CVS HEAD branch.
(either get the sources via CVS or as snapshot from http://snaps.php.net)
--Jani
On Thu, 23 Jun 2005, Jochen Hansper wrote:
Hello Marcus,
patches for official php-4.3.11 release in attachment... (diff -Naur)
Jochen
Hi,
Internet Explorer 6 SP1 supports the cookie attribute httponly which
prevents reading cookies from JavaScript or the like. This can help to
mitigate XSS session hijacking. Browsers not supporting this cookie
attribute are not disturbed if it is present.
AFAIK PHP does not support httponly
Hello Jochen,
please resend your patch as unified patch (cvs di -u).
marcus
Thursday, June 23, 2005, 2:03:24 AM, you wrote:
Hi,
Internet Explorer 6 SP1 supports the cookie attribute httponly which
prevents reading cookies from JavaScript or the like. This can help to
mitigate XSS
Hi,
I'm sorry, I didn't even see that this is for sessions! :-/ Nevermind...
Matt
- Original Message -
From: Matt W [EMAIL PROTECTED]
Sent: Wednesday, June 22, 2005 7:36 PM
Subject: Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]
Hi,
Supporting the httpOnly thing is good
Hello Marcus,
patches for official php-4.3.11 release in attachment... (diff -Naur)
Jochen
[php_session.h.patch; session.c.patch]
Am Donnerstag, den 23.06.2005, 02:15 +0200 schrieb Marcus Boerger:
Hello Jochen,
please resend your patch as unified patch (cvs di -u).
marcus
10 matches
Mail list logo