Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

Jochen Hansper wrote: The indexed array 'parameters' is expected to be: array( {int|string} expires [, string path [, domain [, bool secure [,bool httponly ) Why not like this? array( 'expires' = ..., 'path' = ..., 'domain = ..., 'secure' = ..., 'httponly' = ... ); This was the

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

Hello, as suggested by Andi and Nuno, setcookie() and setrawcookie() should not take more than six parameters. Overloading the function with an array as the third parameter is preferred. The patch in the attachment considers these suggestions. To not break compatibility with existing code, the

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

Jochen Hansper wrote: The indexed array 'parameters' is expected to be: array( {int|string} expires [, string path [, domain [, bool secure [,bool httponly ) Why not like this? array( 'expires' = ..., 'path' = ..., 'domain = ..., 'secure' = ...,

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

Hi Jochen, On Sunday 26 June 2005 22:09, Jochen Hansper wrote: setcookie(test,101,mktime()+60*60,/,localhost,1) setcookie(test,101,array(mktime()+60*60,/,localhost,1)) setcookie(test,101,array(0:0:0:1:0:0,/,localhost,1)) setcookie(test,101,array(:::1,/,localhost,1)) I'd prefer if the index

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

Seems to be a good idea, but not for PHP 4 (closed for new features). Official description: http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp Nuno - Original Message - Hello Marcus, patches for official php-4.3.11 release in attachment... (diff -Naur) Jochen

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

Provide the patch against CVS HEAD branch. (either get the sources via CVS or as snapshot from http://snaps.php.net) --Jani On Thu, 23 Jun 2005, Jochen Hansper wrote: Hello Marcus, patches for official php-4.3.11 release in attachment... (diff -Naur) Jochen

[PHP-DEV] httpOnly Cookies [tiny enhancement]

Hi, Internet Explorer 6 SP1 supports the cookie attribute httponly which prevents reading cookies from JavaScript or the like. This can help to mitigate XSS session hijacking. Browsers not supporting this cookie attribute are not disturbed if it is present. AFAIK PHP does not support httponly

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

Hello Jochen, please resend your patch as unified patch (cvs di -u). marcus Thursday, June 23, 2005, 2:03:24 AM, you wrote: Hi, Internet Explorer 6 SP1 supports the cookie attribute httponly which prevents reading cookies from JavaScript or the like. This can help to mitigate XSS

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

Hi, I'm sorry, I didn't even see that this is for sessions! :-/ Nevermind... Matt - Original Message - From: Matt W [EMAIL PROTECTED] Sent: Wednesday, June 22, 2005 7:36 PM Subject: Re: [PHP-DEV] httpOnly Cookies [tiny enhancement] Hi, Supporting the httpOnly thing is good

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

Hello Marcus, patches for official php-4.3.11 release in attachment... (diff -Naur) Jochen [php_session.h.patch; session.c.patch] Am Donnerstag, den 23.06.2005, 02:15 +0200 schrieb Marcus Boerger: Hello Jochen, please resend your patch as unified patch (cvs di -u). marcus