
Ilia Alshanetsky's Blog:
httpOnly cookie flag support in PHP 5.2
August 11, 2006 @ 07:20:14

Ilia Alshanetsky has posted today about a new patch that's been applied to the PHP 5.2 source (in CVS) to include support for the "httpOnly" cookie flag in its cookie handling.

Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for the httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, in other words inaccessible to browser-based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible, to steal a user's cookie-based session by injecting JavaScript into a page and then using to read cookies.

Definitely a most excellent development! He includes some code examples to show how it will be used, as a seventh parameter to the setcookie/setrawcookie functions (TRUE/FALSE). You can also use an ini_set to make the session cookie behave the same way.

Oh, and PHP4 and 5.1 users can do the same kind of thing, just not as elegantly, with a header call to Set-Cookie manually.
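
The three approaches described above, combined into one helper. This is an added example, not code from Ilia's post or from the PHP source; the function names, the `auth_token` cookie and its value are hypothetical, and `session.cookie_httponly` is the session ini setting that PHP 5.2 introduced.

```php
<?php
// Added example: function names and sample values are hypothetical.

// Build a Set-Cookie header by hand for PHP 4 / 5.1, whose setcookie()
// has no seventh (httponly) parameter.
function build_httponly_header($name, $value, $expire, $path, $domain, $secure)
{
    // Refuse characters that would corrupt the header or split it in two.
    if ($name === '' || preg_match('/[=,;\s]/', $name)
        || preg_match('/[;\r\n]/', $path . $domain)) {
        return false;
    }
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    if ($expire > 0) {
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expire) . ' GMT';
    }
    if ($path !== '')   { $header .= '; path=' . $path; }
    if ($domain !== '') { $header .= '; domain=' . $domain; }
    if ($secure)        { $header .= '; secure'; }
    return $header . '; HttpOnly';
}

function send_httponly_cookie($name, $value, $expire = 0, $path = '/',
                              $domain = '', $secure = false)
{
    if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
        // PHP 5.2+: the seventh parameter sets the flag.
        return setcookie($name, $value, $expire, $path, $domain, $secure, true);
    }
    $header = build_httponly_header($name, $value, $expire, $path, $domain, $secure);
    if ($header === false) {
        trigger_error('Invalid cookie name, path or domain', E_USER_WARNING);
        return false;
    }
    // Second argument false: append, do not replace other Set-Cookie headers.
    header($header, false);
    return true;
}

// Session cookie: the ini setting must be applied before session_start().
// On versions older than 5.2 the setting does not exist and ini_set()
// returns false, so the session cookie is left without the flag there.
ini_set('session.cookie_httponly', '1');
session_start();

// Constructed sample value; a real token would come from a secure generator.
send_httponly_cookie('auth_token', 'constructed-sample-value', time() + 3600);
```

The flag only stops script access to the cookie in browsers that honour it; the cookie is still sent with every matching request, so it complements output escaping rather than replacing it.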


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework