News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Ilia Alshanetsky's Blog:
httpOnly cookie flag support in PHP 5.2
August 11, 2006 @ 07:20:14

Ilia Alshanetsky has posted today about a new patch that's been applied to the PHP 5.2 source (in CVS) to include support for the "httpOnly" cookie flag in its cookie handling.

Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, another words inaccessible to browser based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible to steal a user's cookie based session by injecting JavaScript into a page and then using to read cookies.

Definitely a most excellent development! He includes some code examples to show how it will be used, as a seventh parameter to the setcookie/setrawcookie functions (TRUE/FALSE). You can also use an ini_set to make the session cookie behave the same way.

Oh, and PHP4 and 5.1 users can do the same thing of thing, just not as elegantly, with a header call to Set-Cookie manually.

0 comments voice your opinion now!
cookie support httponly javascript setcookie setrawcookie session cookie support httponly javascript setcookie setrawcookie session


blog comments powered by Disqus

Similar Posts

The Northclick Blog: A comma is a comma is a comma...or is it?

Developer Tutorials Blog: Running background processes in PHP

ZendCon 2006 Notes: Best Practices for PHP Development

Davey Shafik\'s Blog: Debugging using Zend Server from Firefox

Carsten Lucke's Blog: Debugging PHP with free tools (PDT + XDebug2)


Community Events





Don't see your event here?
Let us know!


list api tips laravel install interview release language symfony series zendserver package library opinion introduction community podcast deployment update framework

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework