|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35523 '+' in Cookies converted to ' ' (space)
Submitted: 2005-12-02 17:04 UTC Modified: 2005-12-02 19:06 UTC
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: bugs dot php dot net at honeypot-1 dot dnsalias dot net Assigned:
Status: Not a bug Package: HTTP related
PHP Version: 4.4.1 OS: Linux 2.4
Private report: No CVE-ID: None
 [2005-12-02 17:04 UTC] bugs dot php dot net at honeypot-1 dot dnsalias dot net
As far as I know (Netscape specification) cookies are allowed to contain the '+'-character. Up to and including PHP 4.4.0 this is the way they were handled. But with PHP 4.4.1 pluses in the cookie value are replaced by a single space, like in values of GET-parameters.

Reproduce code:
// run twice

header('Set-Cookie: my_cookie=ABC+DEF');

Expected result:
// as up to 4.4.0

_REQUEST['my_cookie']  ==           'ABC+DEF';
_COOKIE['my_cookie']   ==           'ABC+DEF';
_SERVER["HTTP_COOKIE"] == 'my_cookie=ABC+DEF';

Actual result:
_REQUEST['my_cookie']  ==           'ABC DEF';
_COOKIE['my_cookie']   ==           'ABC DEF';
_SERVER["HTTP_COOKIE"] == 'my_cookie=ABC+DEF';


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-02 17:54 UTC] judas at dotgeek dot org
Also reproducible using PHP 5.1.2-dev (latest CVS)
 [2005-12-02 19:06 UTC]
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Jun 21 15:01:29 2024 UTC