News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Ilia Alshanetsky's Blog:
httpOnly cookie flag support in PHP 5.2
August 11, 2006 @ 07:20:14

Ilia Alshanetsky has posted today about a new patch that's been applied to the PHP 5.2 source (in CVS) to include support for the "httpOnly" cookie flag in its cookie handling.

Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, another words inaccessible to browser based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible to steal a user's cookie based session by injecting JavaScript into a page and then using to read cookies.

Definitely a most excellent development! He includes some code examples to show how it will be used, as a seventh parameter to the setcookie/setrawcookie functions (TRUE/FALSE). You can also use an ini_set to make the session cookie behave the same way.

Oh, and PHP4 and 5.1 users can do the same thing of thing, just not as elegantly, with a header call to Set-Cookie manually.

0 comments voice your opinion now!
cookie support httponly javascript setcookie setrawcookie session cookie support httponly javascript setcookie setrawcookie session


blog comments powered by Disqus

Similar Posts

Felix Geisendorfer's Blog: How to oraganize your CakePHP App's Javascript II

Ed Finkler's Blog: What Matt Mullenweg doesn't know about PHP5, and how it hurts him and his users

Zend Developer Zone: Trick-out Your Session Handler

Michael Feichtinger's Blog: HTML5 WebSockets Example

Ibuildings techPortal: DPC Sessions and Slides


Community Events











Don't see your event here?
Let us know!


unittest overview facebook package performance hhvm install language release symfony2 framework podcast composer component opinion security introduction hack application code

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework