Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-26 Thread Jochen Hansper
Hello, as suggested by Andi and Nuno, setcookie() and setrawcookie() should not take more than six parameters. Overloading the function with an array as the third parameter is preferred. The patch in the attachment considers these suggestions. To not break compatibility with existing code, the

[PHP-DEV] Re: httpOnly Cookies [tiny enhancement]

2005-06-23 Thread Jochen Hansper
Hello, >Jani: Provide the patch against CVS HEAD branch. You can find the patches for httpOnly session cookies against the PHP5 CVS HEAD in the attachment. Now also included is support for httpOnly cookies for PHP functions setcookie() and setrawcookie(). bool setcookie ( string name [, string

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-22 Thread Jochen Hansper
Hello Marcus, patches for official php-4.3.11 release in attachment... (diff -Naur) Jochen [php_session.h.patch; session.c.patch] On Thursday, 23.06.2005, at 02:15 +0200, Marcus Boerger wrote: > Hello Jochen, > > please resend your patch as unified patch (cvs di -u). > > marcus > > T

[PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-22 Thread Jochen Hansper
Hi, Internet Explorer 6 SP1 supports the cookie attribute "httponly" which prevents reading cookies from JavaScript or the like. This can help to mitigate XSS session hijacking. Browsers not supporting this cookie attribute are not disturbed if it is present. AFAIK PHP does not support httponly c