PHP :: Bug #48630 :: cookie not set if $domain is given as input

Bug #48630	cookie not set if $domain is given as input
Submitted:	2009-06-21 20:01 UTC	Modified:	2009-07-11 12:01 UTC
From:	sigurdne at online dot no	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	5.3CVS-2009-06-21 (snap)	OS:	ubuntu 9.04
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	sigurdne at online dot no
New email:
PHP Version:		OS:

New Comment:

[2009-06-21 20:01 UTC] sigurdne at online dot no

Description:
------------
The cookie is not set if $domain is set in either of session_set_cookie_params() and setcookie().

Reproduce code:
---------------
Fail:
session_set_cookie_params(0, $path, $domain, $secure,true);

Work:

session_set_cookie_params(0, $path, false, $secure,true);


the same with setcookie():

Fail:
setcookie($cookiename, $cookievalue, $cookietime,$path, $domain, $secure, true);

Work
setcookie($cookiename, $cookievalue, $cookietime,$path, false, $secure, true);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-06-25 12:41 UTC] jani@php.net

Does it work with PHP 5.2.10 ?

[2009-07-01 19:23 UTC] sigurdne at online dot no

Found out:
It fails if the SERVER_PORT (the "listen" setting in httpd.conf) is anything but 80.

Applies to all versions from 5.2.6 to 5.3.0 (those are the versions I have tested)

[2009-07-09 20:54 UTC] jani@php.net

Please provide a proper reproducing script we can test with anywhere. 
One that starts with <?php and ends with ?> :)

[2009-07-10 11:16 UTC] sigurdne at online dot no

<?php
	/*
	* A test for session_set_cookie_params and setcookie as mentioned in
	* http://bugs.php.net/bug.php?id=48630
	*/

	$cookiename  = 'cookiename';
	$cookievalue = $_COOKIE[$cookiename] + 1;
	$cookietime  = time() + 3600;
	$path        = '/';
	$domain      = $_SERVER['HTTP_HOST']; // this one includes the port if given (example:127.0.0.1:8080).
	$secure      = false;
	$httponly    = true;	

	session_set_cookie_params(0, $path, $domain, $secure, $httponly);
	setcookie($cookiename, $cookievalue, $cookietime,$path, $domain,$secure, $httponly);

	echo '$_SERVER[SERVER_PORT]: ' . $_SERVER['SERVER_PORT']. '</br></br>';
	echo 'cookie_params:';
	_debug_array(session_get_cookie_params());

	echo 'cookie: ';
	_debug_array($_COOKIE);

	function _debug_array($var = '')
	{
		echo '<pre>';
		print_r($var);
		echo '</pre>';	
	}
?>

[2009-07-10 18:25 UTC] jani@php.net

Well, you're trying to set domain to something that isn't a domain. 
Please check the manual: http://php.net/setcookie and 
http://curl.haxx.se/rfc/cookie_spec.html and

[2009-07-11 12:01 UTC] sigurdne at online dot no

Ah - my bad.
Thanks for looking into it.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jul 17 14:04:04 2025 UTC