php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #77407 Cookie name not parsed correctly
Submitted: 2019-01-03 16:48 UTC Modified: 2019-01-04 11:52 UTC
From: devosc at gmail dot com Assigned:
Status: Suspended Package: *Programming Data Structures
PHP Version: next OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2019-01-03 16:48 UTC] devosc at gmail dot com
Description:
------------
"PHP will replace special characters in cookie names, which results in other cookies not being available due to overwriting. Thus, the server request should take the cookies from the request header instead."

https://github.com/zendframework/zend-diactoros/blob/master/src/functions/parse_cookie_header.php

It seems like this should be fixed in PHP itself, as this is the purpose of having the super global $_COOKIE.



Test script:
---------------
setcookie('foo.bar', 'foobar');

Expected result:
----------------
$_COOKIE = [ 'foo.bar' => 'foobar']

Actual result:
--------------
$_COOKIE = [ 'foo_bar' => 'foobar']

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-04 11:52 UTC] cmb@php.net
-Status: Open +Status: Suspended -Type: Bug +Type: Feature/Change Request -PHP Version: 7.3.0 +PHP Version: next
 [2019-01-04 11:52 UTC] cmb@php.net
This is intended and well documented[1] behavior, coming from the
old times where request parameters (could) have been registered as
PHP variables.  Changing the behavior would now technically be
possible, but due to the BC break, this needs discussion on
internals@, and likely the RFC process[2].  Feel free to start it;
for the time being I'm suspending this ticket.

[1] <http://php.net/manual/en/language.variables.external.php#language.variables.external.dot-in-names>
[2] <https://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 11:01:29 2024 UTC