PHP :: Bug #48630 :: cookie not set if $domain is given as input

Bug #48630	cookie not set if $domain is given as input
Submitted:	2009-06-21 20:01 UTC	Modified:	2009-07-11 12:01 UTC
From:	sigurdne at online dot no	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	5.3CVS-2009-06-21 (snap)	OS:	ubuntu 9.04
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	sigurdne at online dot no
New email:
PHP Version:		OS:

New/Additional Comment:

[2009-06-21 20:01 UTC] sigurdne at online dot no

Description:
------------
The cookie is not set if $domain is set in either of session_set_cookie_params() and setcookie().

Reproduce code:
---------------
Fail:
session_set_cookie_params(0, $path, $domain, $secure,true);

Work:

session_set_cookie_params(0, $path, false, $secure,true);


the same with setcookie():

Fail:
setcookie($cookiename, $cookievalue, $cookietime,$path, $domain, $secure, true);

Work
setcookie($cookiename, $cookievalue, $cookietime,$path, false, $secure, true);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-06-25 12:41 UTC] jani@php.net

Does it work with PHP 5.2.10 ?

[2009-07-01 19:23 UTC] sigurdne at online dot no

Found out:
It fails if the SERVER_PORT (the "listen" setting in httpd.conf) is anything but 80.

Applies to all versions from 5.2.6 to 5.3.0 (those are the versions I have tested)

[2009-07-09 20:54 UTC] jani@php.net

Please provide a proper reproducing script we can test with anywhere. 
One that starts with <?php and ends with ?> :)

[2009-07-10 11:16 UTC] sigurdne at online dot no

<?php
	/*
	* A test for session_set_cookie_params and setcookie as mentioned in
	* http://bugs.php.net/bug.php?id=48630
	*/

	$cookiename  = 'cookiename';
	$cookievalue = $_COOKIE[$cookiename] + 1;
	$cookietime  = time() + 3600;
	$path        = '/';
	$domain      = $_SERVER['HTTP_HOST']; // this one includes the port if given (example:127.0.0.1:8080).
	$secure      = false;
	$httponly    = true;	

	session_set_cookie_params(0, $path, $domain, $secure, $httponly);
	setcookie($cookiename, $cookievalue, $cookietime,$path, $domain,$secure, $httponly);

	echo '$_SERVER[SERVER_PORT]: ' . $_SERVER['SERVER_PORT']. '</br></br>';
	echo 'cookie_params:';
	_debug_array(session_get_cookie_params());

	echo 'cookie: ';
	_debug_array($_COOKIE);

	function _debug_array($var = '')
	{
		echo '<pre>';
		print_r($var);
		echo '</pre>';	
	}
?>

[2009-07-10 18:25 UTC] jani@php.net

Well, you're trying to set domain to something that isn't a domain. 
Please check the manual: http://php.net/setcookie and 
http://curl.haxx.se/rfc/cookie_spec.html and

[2009-07-11 12:01 UTC] sigurdne at online dot no

Ah - my bad.
Thanks for looking into it.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jul 17 14:04:04 2025 UTC