php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76906 setcookie() doesn't handle "samesite" attribute while the RFC says it should
Submitted: 2018-09-19 20:58 UTC Modified: 2018-09-20 20:10 UTC
From: nicolas dot grekas+php at gmail dot com Assigned:
Status: Not a bug Package: Scripting Engine problem
PHP Version: 7.3.0RC1 OS:
Private report: No CVE-ID: None
 [2018-09-19 20:58 UTC] nicolas dot grekas+php at gmail dot com
Description:
------------
Per https://wiki.php.net/rfc/same-site-cookie
setcookie should accept a 4th "array $options" argument.
But this doesn't work.
I didn't check the other function mentioned in the RFC so they might have the same issue.

Test script:
---------------
<?php

setcookie('b', 'a', 0, array());
setcookie('b', 'a', 0, '/', '', false, false, 'lax');

See https://3v4l.org/52qe6

Expected result:
----------------
Warning: setcookie() expects at most 7 parameters, 8 given in /in/52qe6 on line 4

Actual result:
--------------
Warning: setcookie() expects parameter 4 to be string, array given in /in/52qe6 on line 3 Warning: setcookie() expects at most 7 parameters, 8 given in /in/52qe6 on line 4

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-09-19 21:28 UTC] requinix@php.net
-Status: Open +Status: Suspended
 [2018-09-19 21:28 UTC] requinix@php.net
The expires argument was moved into the array, making the array argument be the third position.
  setcookie('b', 'a', array());

While there was some discussion about this happening, I'm not convinced there was a conclusion reached. Want to bring it up on the internals list?
 [2018-09-20 20:10 UTC] requinix@php.net
-Status: Suspended +Status: Not a bug
 [2018-09-20 20:10 UTC] requinix@php.net
Covered in the new errata section, and the docs will show the 3-parameter syntax.
https://wiki.php.net/rfc/same-site-cookie#errata
http://svn.php.net/viewvc?view=revision&revision=345661
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Apr 10 12:01:23 2021 UTC