Bug #63835 two cookie in request ,get comma in first cookie name
Submitted: 2012-12-22 17:21 UTC Modified: 2012-12-25 03:01 UTC
From: tom916 at qq dot com Assigned: laruence (profile)
Status: Wont fix Package: *General Issues
PHP Version: 5.3Git-2012-12-22 (Git) OS: linux
Private report: No CVE-ID: None
 [2012-12-22 17:21 UTC] tom916 at qq dot com
Description:
------------
When the browser client sends 2 Cookie: in the header, the first cookie name PHP gets has a comma as the first char. God knows why the browser sends 2 Cookie in the header?


Array
(
    [,_a] => 1
)

Test script:
---------------
------------------show_cookie.php--------------
<?php
print_r($_COOKIE);

------------------send_cookie.php--------------
<?php
$fp = fsockopen("localhost", 50080, $errno, $errstr, 30); // my Apache listens on 50080
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /show_cookie.php HTTP/1.1\r\n";
    $out .= "Host: localhost:50080\r\n";
    $out .= "Cookie:\r\n";
    $out .= "Cookie: a=1\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}


php send_cookie.php

---------result-----------
HTTP/1.1 200 OK
Date: Sat, 22 Dec 2012 17:11:59 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.3
X-Powered-By: PHP/5.3.3
Content-Length: 25
Connection: close
Content-Type: text/html

Array
(
    [,_a] => 1
)


Expected result:
----------------
Array
(
    [a] => 1
)

Actual result:
--------------
Array
(
    [,_a] => 1
)

Patches

bug63835.patch (last revision 2012-12-23 06:04 UTC by laruence@php.net)

History

 [2012-12-23 05:46 UTC] laruence@php.net
I don't think it's a PHP-specific bug; PHP reads the cookie via Apache's apr_table_get.

apr_table_get returns ", a=1" in your case.
 [2012-12-23 05:48 UTC] laruence@php.net
Oh, ignore my previous comment; Apache returns a comma-separated string if there are multiple Cookie headers.
 [2012-12-23 06:04 UTC] laruence@php.net
The following patch has been added/updated:

Patch Name: bug63835.patch
Revision:   1356242654
URL:        https://bugs.php.net/patch-display.php?bug=63835&patch=bug63835.patch&revision=1356242654
 [2012-12-23 08:05 UTC] tom916 at qq dot com
Thank you very much for helping me solve the problem in such a short time. Do you know why the browser would send the cookie header? Our website receives nearly 10,000 such requests every day.
 [2012-12-23 08:05 UTC] tom916 at qq dot com
-Status: Open +Status: Closed
 [2012-12-23 08:52 UTC] tom916 at qq dot com
-Status: Closed +Status: Assigned
 [2012-12-23 08:52 UTC] tom916 at qq dot com
Now if the cookie name has a comma, it becomes 2 cookie names

<?php
$fp = fsockopen("localhost", 50080, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /show_cookie.php HTTP/1.1\r\n";
    $out .= "Host: localhost:50080\r\n";
//    $out .= "Cookie:\r\n";
    $out .= "Cookie: a=1; b=2; c,d=abc\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}



----------------------------
Array
(
    [a] => 1
    [b] => 2
    [c] => 
    [d] => abc
)
 [2012-12-23 17:57 UTC] felipe@php.net
-Assigned To: +Assigned To: laruence
 [2012-12-24 03:33 UTC] laruence@php.net
I have no idea why some browsers do this, but I cannot find proof that this is not allowed.

Anyway, this fix will introduce a BC break; for example, before:

cookie: userids=123,1232,123213;

I have seen such usage before, so I didn't commit this. I will try to find a fix in the Apache APIs.
 [2012-12-24 03:59 UTC] pierrick@php.net
RFC2616 says : Multiple message-header fields with the same field-name MAY be 
present in a message if and only if the entire field-value for that header field 
is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to 
combine the multiple header fields into one "field-name: field-value" pair, 
without changing the semantics of the message, by appending each subsequent 
field-value to the first, each separated by a comma. The order in which header 
fields with the same field-name are received is therefore significant to the 
interpretation of the combined field value, and thus a proxy MUST NOT change the 
order of these field values when a message is forwarded.
 [2012-12-24 04:02 UTC] laruence@php.net
@pierrick, thanks,  I also found a page:  
http://kristol.org/cookie/errata.html   ;)
 [2012-12-24 04:39 UTC] pierrick@php.net
RFC6265 is the last specification for HTTP State Management Mechanism.

Section 4.2.1 says that the grammar for the Cookie header is 

   cookie-header = "Cookie:" OWS cookie-string OWS
   cookie-string = cookie-pair *( ";" SP cookie-pair )

Since RFC2626 (HTTP) only allows multiple message-header fields with the same if and only if the entire field-value for 
that header field is defined as a comma-separated list, I guess having multiple Cookie: header is not a valid case.
 [2012-12-24 05:15 UTC] laruence@php.net
@pierrick, thanks for the explanation. After some searching, I also concluded that we cannot fix this without a side effect (BC break),

so I think this may be a won't fix.

Thanks
 [2012-12-25 03:01 UTC] laruence@php.net
-Status: Assigned +Status: Wont fix
 [2012-12-25 03:01 UTC] laruence@php.net
As we discussed before, closed.

Maybe you can file a bug with Apache; it should not accept two cookies since they cannot be combined.
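
The parsing behaviours discussed in this thread, as an added example that is not part of the bug report or of PHP's source. It is a simplified model of cookie splitting (not PHP's actual parser) showing the reported result, the effect of also treating "," as a separator as the follow-up comments describe, and a check that flags cookie names that are not RFC 2616 tokens. All function names and sample header values are constructed for illustration.

```php
<?php
// Added example. Function names and sample values are constructed, not from PHP's source.

// Joins repeated header values with ", ", as apr_table_get is described doing in the thread.
function merge_cookie_headers(array $values): string
{
    return implode(', ', $values);
}

// Simplified model of cookie parsing: split on the given separator characters,
// skip leading spaces, map spaces in names to "_", keep the first value per name.
function parse_cookies(string $field, string $separators): array
{
    $cookies = [];
    foreach (preg_split('/[' . preg_quote($separators, '/') . ']/', $field) as $pair) {
        $pair = ltrim($pair, ' ');
        if ($pair === '') {
            continue;
        }
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $name = str_replace(' ', '_', $name);
        if (!array_key_exists($name, $cookies)) {
            $cookies[$name] = $value;
        }
    }
    return $cookies;
}

// Returns cookie names that are not an RFC 2616 token. A "," in a name is the
// trace a merged duplicate Cookie header leaves; commas in values are tolerated.
function non_token_cookie_names(string $field): array
{
    $bad = [];
    foreach (explode(';', $field) as $pair) {
        $name = explode('=', ltrim($pair, ' '), 2)[0];
        if ($name !== '' && !preg_match('/^[!#$%&\'*+\-.^_`|~0-9A-Za-z]+$/', $name)) {
            $bad[] = $name;
        }
    }
    return $bad;
}

$merged = merge_cookie_headers(['', 'a=1']);                 // the two headers from send_cookie.php
var_export(parse_cookies($merged, ';'));                     // splitting on ";" only
var_export(parse_cookies($merged, ';,'));                    // also splitting on ","
var_export(parse_cookies('a=1; b=2; c,d=abc', ';,'));        // input from the follow-up report
var_export(parse_cookies('userids=123,1232,123213', ';,'));  // input from the BC-break comment
var_export(non_token_cookie_names($merged));                 // flags the merged-header name
var_export(non_token_cookie_names('userids=123,1232,123213'));
```

Run against `$_SERVER['HTTP_COOKIE']`, the name check lets an application log or reject requests carrying the merged-header artifact without changing how comma-bearing cookie values are read.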
 