|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2018-07-31 21:17 UTC] cmb@php.net
Description: ------------ The support for SameSite cookie directives[1] introduced $option parameters for setcookie(), setrawcookie() and session_set_cookie_params(), but these appear to allow further arguments to be passed, which does not appear to conform to the respective RFC[2], and is generally confusing. [1] <https://github.com/php/php-src/pull/3398> [2] <https://wiki.php.net/rfc/same-site-cookie#proposal> Test script: --------------- <?php session_set_cookie_params(array('path'=>'/foo/'), 'bar', 'www.example.com'); var_dump(session_get_cookie_params()); Expected result: ---------------- A warning regarding excess arguments, which should be ignored for further processing. Actual result: -------------- array(6) { ["lifetime"]=> int(0) ["path"]=> string(5) "/foo/" ["domain"]=> string(15) "www.example.com" ["secure"]=> bool(false) ["httponly"]=> bool(false) ["samesite"]=> string(0) "" } PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 18 23:01:27 2024 UTC |
The referenced line is php_setcookie(name, value, expires, path, domain, secure, !raw, httponly); And has to be changed to php_setcookie(name, value, expires, path, domain, secure, !raw, httponly, NULL); to make it compile.