Jon Anderson writes:
> I won't argue that this behavior should probably be documented with
> $_COOKIE, but it is documented with it's counterpart, setcookie: "Note
> that the value portion of the cookie will automatically be urlencoded
> when you send the cookie, and when it is received, it is
On Sat, 2007-02-10 at 17:01 -0600, Fletcher Mattox wrote:
> Robert Cummings writes:
>
> > But isn't the sender and receiver usually one and the same. I mean your
> > PHP application is usually what set the cookie in the first place. Then
> > you receive it in the very same PHP application.
>
> N
Robert Cummings writes:
> But isn't the sender and receiver usually one and the same. I mean your
> PHP application is usually what set the cookie in the first place. Then
> you receive it in the very same PHP application.
No! Not in this case. The first sentence in my original message was:
Myron Turner wrote:
Jon Anderson wrote:
Fletcher Mattox wrote:
In terms of the behavior, I think it makes total sense. The only case
where it would ever bite you is yours (which is rare because most
people wouldn't mix perl and PHP in the same system).
I'm not going to get into the middle o
Jon Anderson wrote:
Fletcher Mattox wrote:
In terms of the behavior, I think it makes total sense. The only case
where it would ever bite you is yours (which is rare because most
people wouldn't mix perl and PHP in the same system).
I'm not going to get into the middle of the base64 argument
Fletcher Mattox wrote:
Actually, wouldn't you say it is left up to whoever is sending the cookie?
But more on that later.
It is totally left up to the user with PHP as well, but you agree with
that (grudgingly) later. There is no way that you can argue the fact
that there are two mechanisms.
On Fri, 2007-02-09 at 20:38 -0600, Fletcher Mattox wrote:
> Robert Cummings writes:
>
> > Dear numnutz, get off your lazy arse and read the doc for yourself:
> >
> > http://wp.netscape.com/newsref/std/cookie_spec.html
> >
> > It clearly states:
> >
> > NAME=VALUE
> > This string is a seq
Robert Cummings writes:
> Dear numnutz, get off your lazy arse and read the doc for yourself:
>
> http://wp.netscape.com/newsref/std/cookie_spec.html
>
> It clearly states:
>
> NAME=VALUE
> This string is a sequence of characters excluding semi-colon, comma and
> white space. If there is
# [EMAIL PROTECTED] / 2007-02-08 15:23:45 -0600:
> Robert Cummings writes:
> > If val can be any value then it can also be:
> >
> > expires=time; path=/path/
> >
> > Obviously, that would be an issue since that's part of the cookie
> > parameters. As such, it needs to be encoded. Now go away
On Thu, 2007-02-08 at 15:23 -0600, Fletcher Mattox wrote:
> Robert Cummings writes:
>
> > On Thu, 2007-02-08 at 13:51 -0600, Fletcher Mattox wrote:
> > > Jon Anderson writes:
> > >
> > > > Cookies must be encoded somehow: Because a raw cookie will contain
> > > > "var=val; expires=time; path=/pa
Robert Cummings writes:
> On Thu, 2007-02-08 at 13:51 -0600, Fletcher Mattox wrote:
> > Jon Anderson writes:
> >
> > > Cookies must be encoded somehow: Because a raw cookie will contain
> > > "var=val; expires=time; path=/path/" type stuff, PHP would *have* to
> > > encode it.
> >
> > I don't
On Thu, 2007-02-08 at 13:51 -0600, Fletcher Mattox wrote:
> Jon Anderson writes:
>
> > Cookies must be encoded somehow: Because a raw cookie will contain
> > "var=val; expires=time; path=/path/" type stuff, PHP would *have* to
> > encode it.
>
> I don't mean to be thick, Jon, but I don't under
Jon Anderson writes:
> Cookies must be encoded somehow: Because a raw cookie will contain
> "var=val; expires=time; path=/path/" type stuff, PHP would *have* to
> encode it.
I don't mean to be thick, Jon, but I don't understand why it has to be
encoded at all. Are you saying that the "path=/p
Fletcher Mattox wrote:
I have learned that apparently PHP silently runs urldecode()
on all cookies before copying them into the $_COOKIE variable, under
the assumption that all cookies have been urlencoded.
This seems like a bad assumption to me, and is perhaps an attempt to be
consistent with $
;t find it.
Morale: always get your cookies from $_SERVER["HTTP_COOKIE"], and *not*
from $_COOKIE.
Thanks again,
Fletcher
-Original Message-
> From [EMAIL PROTECTED] Wed Feb 7 14:21:14 2007
> To:
> From: <[EMAIL PROTECTED]>
> Subject: RE: [PHP] base64-en
tion.rawurlencode.php
-TG
= = = Original message = = =
> -Original Message-
> From: Fletcher Mattox [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 07, 2007 2:49 PM
> To: php-general@lists.php.net
> Subject: Re: [PHP] base64-encoding in cookies?
>
> I wrote:
>
> -Original Message-
> From: Fletcher Mattox [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 07, 2007 2:49 PM
> To: php-general@lists.php.net
> Subject: Re: [PHP] base64-encoding in cookies?
>
> I wrote:
>
> > A campus web server (not under my cont
On Wed, 2007-02-07 at 13:49 -0600, Fletcher Mattox wrote:
> I wrote:
>
> > A campus web server (not under my control) returns an authentication
> > string in a cookie named AUTH. The cookie's value is an encrypted,
> > base64 encoded string. Unfortunately, when I examine $_COOKIE['AUTH'],
> > it
I wrote:
> A campus web server (not under my control) returns an authentication
> string in a cookie named AUTH. The cookie's value is an encrypted,
> base64 encoded string. Unfortunately, when I examine $_COOKIE['AUTH'],
> it is clear that all of the '+' characters have been replaced with a ' '
Hello Fletcher Mattox,
urlencode the string before set the cookie
or
replace array(' ',urlencode('/')) to array('+','/')
Best regards,
=== At 2007-02-07, 15:59:13 you wrote: ===
>Hi,
>
>A campus web server (not under my control) returns an authentication
>string in a cookie
20 matches
Mail list logo
