News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Ilia Alshanetsky's Blog:
httpOnly cookie flag support in PHP 5.2
August 11, 2006 @ 07:20:14

Ilia Alshanetsky has posted today about a new patch that's been applied to the PHP 5.2 source (in CVS) to include support for the "httpOnly" cookie flag in its cookie handling.

Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, another words inaccessible to browser based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible to steal a user's cookie based session by injecting JavaScript into a page and then using to read cookies.

Definitely a most excellent development! He includes some code examples to show how it will be used, as a seventh parameter to the setcookie/setrawcookie functions (TRUE/FALSE). You can also use an ini_set to make the session cookie behave the same way.

Oh, and PHP4 and 5.1 users can do the same thing of thing, just not as elegantly, with a header call to Set-Cookie manually.

0 comments voice your opinion now!
cookie support httponly javascript setcookie setrawcookie session cookie support httponly javascript setcookie setrawcookie session



Community Events





Don't see your event here?
Let us know!


laravel interview opinion introduction community symfony artisanfiles conference language series voicesoftheelephpant list version framework library security release podcast composer tool

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework