|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
Patchesbug77512.patch (last revision 2019-02-13 12:55 UTC by yohgaki at ohgaki dot net)Pull RequestsHistoryAllCommentsChangesGit/SVN commits
[2019-02-13 12:57 UTC] yohgaki@php.net
-Status: Open
+Status: Verified
[2019-02-13 12:57 UTC] yohgaki@php.net
[2019-02-13 13:02 UTC] yohgaki@php.net
[2019-02-13 13:02 UTC] pmmaga@php.net
[2019-02-13 13:35 UTC] pmmaga@php.net
[2019-02-14 09:28 UTC] nikic@php.net
-Assigned To:
+Assigned To: nikic
[2019-02-14 09:44 UTC] nikic@php.net
[2019-02-14 09:44 UTC] nikic@php.net
-Status: Verified
+Status: Closed
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri Oct 31 18:00:01 2025 UTC |
Description: ------------ If I call setcookie(string $name, string $value, array $options) with all of options passed (expires, path, domain, secure, httponly, samesite), PHP generates incorrect Set-Cookie HTTP header: SameSite parameter is empty if I set "Lax", or "Str" if I set "Strict". But if I miss, for example, one option for setcookie (let it be "path"), everything is fine. This behavior doesn't depend on cookie value length. Test script: --------------- setcookie('key', 'value', [ 'expires' => time() + 31536000, 'path' => '/', 'domain' => 'example.com', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax' ]); // Expected: // Set-Cookie: key=value; expires=Thu, 13-Feb-2020 12:06:47 GMT; Max-Age=31536000; path=/; domain=example.com; secure; HttpOnly; SameSite=Lax // Actual: // Set-Cookie: key=value; expires=Thu, 13-Feb-2020 12:06:47 GMT; Max-Age=31536000; path=/; domain=example.com; secure; HttpOnly; SameSite=