Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-27 Thread Nuno Lopes
Jochen Hansper wrote: The indexed array 'parameters' is expected to be: array( {int|string} expires [, string path [, domain [, bool secure [,bool httponly ) Why not like this? array( 'expires' => ..., 'path' => ..., 'domain' => ..., 'secure' => ..., 'httponly' => ... ); This was the a

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-26 Thread Johannes Schlueter
Hi Jochen, On Sunday 26 June 2005 22:09, Jochen Hansper wrote: > setcookie("test","101",mktime()+60*60,"/","localhost",1) > setcookie("test","101",array(mktime()+60*60,"/","localhost",1)) > setcookie("test","101",array("0:0:0:1:0:0","/","localhost",1)) > setcookie("test","101",array(":::1","/","lo

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-26 Thread Ondrej Ivanič
Jochen Hansper wrote: > The indexed array 'parameters' is expected to be: > > array( {int|string} expires [, string path [, domain [, bool secure [,bool > httponly ) Why not like this? array( 'expires' => ..., 'path' => ..., 'domain' => ..., 'secure' => ...,

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-26 Thread Jochen Hansper
Hello, as suggested by Andi and Nuno, setcookie() and setrawcookie() should not take more than six parameters. Overloading the function with an array as the third parameter is preferred. The patch in the attachment considers these suggestions. To not break compatibility with existing code, the

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-23 Thread Jani Taskinen
Provide the patch against CVS HEAD branch. (either get the sources via CVS or as snapshot from http://snaps.php.net) --Jani On Thu, 23 Jun 2005, Jochen Hansper wrote: Hello Marcus, patches for official php-4.3.11 release in attachment... (diff -Naur) Jochen [php_session.h.patc

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-23 Thread Nuno Lopes
Seems to be a good idea, but not for PHP 4 (closed for new features). Official description: http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp Nuno - Original Message - Hello Marcus, patches for official php-4.3.11 release in attachment... (diff -Naur) Jochen [p

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-22 Thread Jochen Hansper
Hello Marcus, patches for official php-4.3.11 release in attachment... (diff -Naur) Jochen [php_session.h.patch; session.c.patch] On Thursday, 23.06.2005, at 02:15 +0200, Marcus Boerger wrote: > Hello Jochen, > > please resend your patch as unified patch (cvs di -u). > > marcus > > T

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-22 Thread Matt W
Hi, I'm sorry, I didn't even see that this is for sessions! :-/ Never mind... Matt - Original Message - From: "Matt W" <[EMAIL PROTECTED]> Sent: Wednesday, June 22, 2005 7:36 PM Subject: Re: [PHP-DEV] httpOnly Cookies [tiny enhancement] > Hi, > &g

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-22 Thread Matt W
]> Sent: Wednesday, June 22, 2005 7:03 PM Subject: [PHP-DEV] httpOnly Cookies [tiny enhancement] > Hi, > > Internet Explorer 6 SP1 supports the cookie attribute "httponly" which > prevents reading cookies from JavaScript or the like. This can help to > mitigate XSS session

Re: [PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-22 Thread Marcus Boerger
Hello Jochen, please resend your patch as unified patch (cvs di -u). marcus Thursday, June 23, 2005, 2:03:24 AM, you wrote: > Hi, > Internet Explorer 6 SP1 supports the cookie attribute "httponly" which > prevents reading cookies from JavaScript or the like. This can help to > mitigate XSS s

[PHP-DEV] httpOnly Cookies [tiny enhancement]

2005-06-22 Thread Jochen Hansper
Hi, Internet Explorer 6 SP1 supports the cookie attribute "httponly" which prevents reading cookies from JavaScript or the like. This can help to mitigate XSS session hijacking. Browsers not supporting this cookie attribute are not disturbed if it is present. AFAIK PHP does not support httponly c