php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #47248 Make PHP more secure: Simple Fix
Submitted: 2009-01-30 02:12 UTC Modified: 2009-01-30 02:50 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: tim987 at email dot com Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 5.3.0beta1 OS: Windows/Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tim987 at email dot com
New email:
PHP Version: OS:

 

 [2009-01-30 02:12 UTC] tim987 at email dot com 
Description:
------------
PHP shouldn't allow a cookie that doesn't expire when a web browser is closed. 
 Alot of PHP sites are very insecure because they use cookies that don't expire at all. For example, YouTube,which uses PHP, doesn't expire cookies at all so if you sign into your YouTube account, close your browser,shut down your computer, then go back to YouTube, your account will still be logged in which is scary for people using public computers.
 So this is why this and all future versions of PHP should not allow cookies that do not expire when a web browser is closed.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-01-30 02:50 UTC] scottmac@php.net 
Non permanent cookies would infuriate people who don't use public computers if they needed to login every time.

This is a stupid suggestion and is up to the application developers.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 12:01:31 2024 UTC