PHP :: Request #47248 :: Make PHP more secure: Simple Fix

Make PHP more secure: Simple Fix

Submitted:

2009-01-30 02:12 UTC

Modified:

2009-01-30 02:50 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

tim987 at email dot com

Assigned:

Status:

Not a bug

Package:

Feature/Change Request

PHP Version:

5.3.0beta1

OS:

Windows/Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 17 - 9 = ?
Subscribe to this entry?

[2009-01-30 02:12 UTC] tim987 at email dot com

Description:
------------
PHP shouldn't allow a cookie that doesn't expire when a web browser is closed. 
 Alot of PHP sites are very insecure because they use cookies that don't expire at all. For example, YouTube,which uses PHP, doesn't expire cookies at all so if you sign into your YouTube account, close your browser,shut down your computer, then go back to YouTube, your account will still be logged in which is scary for people using public computers.
 So this is why this and all future versions of PHP should not allow cookies that do not expire when a web browser is closed.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-01-30 02:50 UTC] scottmac@php.net

Non permanent cookies would infuriate people who don't use public computers if they needed to login every time.

This is a stupid suggestion and is up to the application developers.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 10:01:29 2024 UTC