News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Ilia Alshanetsky's Blog:
httpOnly cookie flag support in PHP 5.2
August 11, 2006 @ 07:20:14

Ilia Alshanetsky has posted today about a new patch that's been applied to the PHP 5.2 source (in CVS) to include support for the "httpOnly" cookie flag in its cookie handling.

Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, another words inaccessible to browser based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible to steal a user's cookie based session by injecting JavaScript into a page and then using to read cookies.

Definitely a most excellent development! He includes some code examples to show how it will be used, as a seventh parameter to the setcookie/setrawcookie functions (TRUE/FALSE). You can also use an ini_set to make the session cookie behave the same way.

Oh, and PHP4 and 5.1 users can do the same thing of thing, just not as elegantly, with a header call to Set-Cookie manually.

0 comments voice your opinion now!
cookie support httponly javascript setcookie setrawcookie session cookie support httponly javascript setcookie setrawcookie session


blog comments powered by Disqus

Similar Posts

Evert Pot's Blog: Integrating with Zend's OpenID

We Love PHP Blog: Using V8 Javascript engine as a PHP extension

Jonnay's Blog: PHP vs. Javascript: A shit vs. poo fight.

Community News: Laracon EU 2013 Session Videos Posted

Zend Developer Zone: The ZendCon Sessions Episode 2: Best Practices for Sending Mail from PHP


Community Events





Don't see your event here?
Let us know!


release unittest list code homestead interview community api library install language introduction wordpress developer configure threedevsandamaybe laravel podcast series application

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework