php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #60026 Remove references to obsolete RFC 2109 in manual page for setcookie()
Submitted: 2011-10-10 06:29 UTC Modified: 2011-12-03 20:41 UTC
From: bugs dot php dot net at chsc dot dk Assigned: frozenfire (profile)
Status: Closed Package: HTTP related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bugs dot php dot net at chsc dot dk
New email:
PHP Version: OS:

 

 [2011-10-10 06:29 UTC] bugs dot php dot net at chsc dot dk
Description:
------------
The page http://php.net/manual/en/function.setcookie.php contains several references to RFC 2109. This has been obsoleted by RFC 6265 (published April 2011).

http://tools.ietf.org/html/rfc2109
http://tools.ietf.org/html/rfc6265

In particular, the manual page currently says:
> domain:
> The domain that the cookie is available to. To make the cookie available
> on all subdomains of example.com (including example.com itself) then you'd
> set it to '.example.com'. Although some browsers will accept cookies
> without the initial ., RFC 2109 requires it to be included. Setting the
> domain to 'www.example.com' or '.www.example.com' will make the cookie only
> available in the www subdomain.

The requirement about the leading period has been reverted, so now it is no longer permitted, though browsers are required to ignore any leading periods (section 4.1.2.3).


I don't know if any current browsers require the use of a leading period. RFC 6265 claims to be describe current practice, and says that "[w]here some existing software differs from the recommended protocol in significant ways, the document contains a note explaining the difference". There is no mention of browsers malfunctioning when the leading period is omitted.


- The manual page should be updated to refer to RFC 6265.
- The examples should not use a leading period for the domain argument.
- The description of the domain argument should be rephrased to reflect the updated RFC.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-12-03 20:30 UTC] frozenfire@php.net
-Assigned To: +Assigned To: frozenfire
 [2011-12-03 20:40 UTC] frozenfire@php.net
Automatic comment from SVN on behalf of frozenfire
Revision: http://svn.php.net/viewvc/?view=revision&revision=320317
Log: Updated to reflect that cookies are now governed by RFC 6265 instead of RFC 2109. Closes bug #60026.
 [2011-12-03 20:41 UTC] frozenfire@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2011-12-03 20:41 UTC] frozenfire@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 15:01:29 2024 UTC