Bug #44050 Multiple 'Cookie: ' headers incorrectly parsed
Submitted: 2008-02-05 17:37 UTC Modified: 2008-02-07 09:05 UTC
Votes:3
Avg. Score:4.0 ± 0.8
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:2 (66.7%)
From: a dot candle at gmail dot com Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: 5.2.5 OS: slackware/debian
Private report: No CVE-ID: None
 [2008-02-05 17:37 UTC] a dot candle at gmail dot com
Description:
------------
When a client sends multiple 'Cookie' headers they appear to be parsed incorrectly.


What I believe is happening is that the value part of the cookie headers (after the ': ') is being concatenated with a comma rather than a semicolon. Then (as per the cookie spec: http://wp.netscape.com/newsref/std/cookie_spec.html) the resulting string is being split on semicolon, resulting in the broken cookie values.

Reproduce code:
---------------
php code:

<?php
setcookie("a", "aaaa");
setcookie("b", "bbbb");
setcookie("c", "cccc");
var_dump($_COOKIE);
?>

headers sent by client: (on the second request)

"Cookie: $Version=0; a=aaaa\r\n"
"Cookie: $Version=0; b=bbbb\r\n"
"Cookie: $Version=0; c=bbbb\r\n"


Expected result:
----------------
array(4) {
  ["$Version"]=>
  string(1) "0"
  ["a"]=>
  string(4) "aaaa"
  ["b"]=>
  string(4) "bbbb"
  ["c"]=>
  string(4) "cccc"
}

Actual result:
--------------
resulting output:

array(4) {
  ["$Version"]=>
  string(1) "0"
  ["a"]=>
  string(16) "aaaa, $Version=0"
  ["b"]=>
  string(16) "bbbb, $Version=0"
  ["c"]=>
  string(4) "cccc"
}
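
The behaviour hypothesised in the report above, modelled as an added example (not part of the original report and not PHP's own code): the three header values are folded with a comma or with a semicolon and then split on ';' only. The function names, the first-value-wins rule and the folded-value check are assumptions made for illustration.

```python
import re

# Constructed sample: the values of the three Cookie headers from the report.
COOKIE_HEADERS = ["$Version=0; a=aaaa", "$Version=0; b=bbbb", "$Version=0; c=bbbb"]


def merge_headers(values, sep):
    """Fold repeated header lines into one string using the given separator."""
    return sep.join(values)


def parse_cookie_string(raw):
    """Split on ';' only, as the report assumes; the first value for a name wins."""
    cookies = {}
    for pair in raw.split(";"):
        name, _, value = pair.strip().partition("=")
        if name:
            cookies.setdefault(name, value)
    return cookies


# A comma followed by something shaped like "name=" is the fingerprint of
# two header lines that were folded into a single cookie value.
_FOLDED = re.compile(r",\s*[^=;,\s]+=")


def folded_values(cookies):
    """Return the cookie names whose value appears to contain a second header line."""
    return [name for name, value in cookies.items() if _FOLDED.search(value)]


def demo():
    comma = parse_cookie_string(merge_headers(COOKIE_HEADERS, ", "))
    semi = parse_cookie_string(merge_headers(COOKIE_HEADERS, "; "))
    return comma, semi, folded_values(comma), folded_values(semi)


if __name__ == "__main__":
    comma, semi, bad_comma, bad_semi = demo()
    print("comma-joined:    ", comma, "suspect:", bad_comma)
    print("semicolon-joined:", semi, "suspect:", bad_semi)
```

The comma-joined case reproduces the 16-character values for "a" and "b" shown under "Actual result"; a check like folded_values() can be run over incoming cookies to spot requests whose Cookie headers were folded before parsing.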

 [2008-02-05 20:31 UTC] msaraujo@php.net
Hello,

I have not been able to reproduce your issue. Can you please give us more feedback about that? 
 [2008-02-05 21:53 UTC] pfx-bugs dot php dot net at goeswhere dot com
This can be reproduced by, for example (with the above test-case as http://localhost/pro.php):
faux@jimi:~% echo -e 'GET /pro.php HTTP/1.1\r\nHost: localhost\r\nCookie: $Version=0; a=aaaa\r\nCookie: $Version=0; b=bbbb\r\nCookie: $Version=0; c=bbbb\r\nConnection: close\r\n' | nc localhost 80
HTTP/1.1 200 OK
Date: Tue, 05 Feb 2008 21:51:41 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch10
X-Powered-By: PHP/5.2.0-8+etch10
Set-Cookie: a=aaaa
Set-Cookie: b=bbbb
Set-Cookie: c=cccc
Content-Length: 160
Connection: close
Content-Type: text/html; charset=UTF-8

array(4) {
  ["$Version"]=>
  string(1) "0"
  ["a"]=>
  string(16) "aaaa, $Version=0"
  ["b"]=>
  string(16) "bbbb, $Version=0"
  ["c"]=>
  string(4) "bbbb"
}

faux@jimi:~%
 [2008-02-06 18:37 UTC] msaraujo@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Hello,

Please check the following report: 
http://bugs.php.net/bug.php?id=32827

Thanks

 [2008-02-06 18:49 UTC] jani@php.net
See also Feature request http://bugs.php.net/bug.php?id=32860


 [2008-02-07 09:05 UTC] rasmus@php.net
I am curious, which client/browser are you using that is sending back this $Version=0; stuff when that isn't in your original setcookie() call?  That seems very odd to me.
 
Last updated: Wed Jul 02 04:01:38 2025 UTC