php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #68390 setcookie to override same name cookies
Submitted: 2014-11-10 10:45 UTC Modified: 2014-11-10 10:52 UTC
From: coladict at gmail dot com Assigned:
Status: Duplicate Package: *General Issues
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2014-11-10 10:45 UTC] coladict at gmail dot com
Description:
------------
The last Set-Cookie header, setting a cookie by the same name, always overrides the data in the browser, but multiple set-cookie headers are send for the same name. This initially caused our proxy server to reject the response, because the header size exceeded the default limit.

setcookie() should override previous calls to the same cookie name. It should also issue an E_NOTICE message when overriding a previously called cookie, for easier tracing of problems where a cookie might wrongly be overridden.


Test script:
---------------
<?php
setcookie('randomcookie','olddata');
setcookie('randomcookie','newdata');

Expected result:
----------------
In the response headers as suggested:

Set-Cookie:randomcookie=newdata

Actual result:
--------------
In the response headers as it is now:

Set-Cookie:randomcookie=olddata
Set-Cookie:randomcookie=newdata

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-11-10 10:52 UTC] aharvey@php.net
-Status: Open +Status: Duplicate
 [2014-11-10 10:52 UTC] aharvey@php.net
Duplicate of bug #67736 (which links to https://github.com/php/php-src/pull/795, where a lively discussion is taking place on whether this should be changed or not, and if so, how).
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Jan 19 02:01:25 2019 UTC