|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #77407 Cookie name not parsed correctly
Submitted: 2019-01-03 16:48 UTC Modified: 2019-01-04 11:52 UTC
From: devosc at gmail dot com Assigned:
Status: Suspended Package: *Programming Data Structures
PHP Version: next OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2019-01-03 16:48 UTC] devosc at gmail dot com
"PHP will replace special characters in cookie names, which results in other cookies not being available due to overwriting. Thus, the server request should take the cookies from the request header instead."

It seems like this should be fixed in PHP itself, as this is the purpose of having the super global $_COOKIE.

Test script:
setcookie('', 'foobar');

Expected result:
$_COOKIE = [ '' => 'foobar']

Actual result:
$_COOKIE = [ 'foo_bar' => 'foobar']


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-04 11:52 UTC]
-Status: Open +Status: Suspended -Type: Bug +Type: Feature/Change Request -PHP Version: 7.3.0 +PHP Version: next
 [2019-01-04 11:52 UTC]
This is intended and well documented[1] behavior, coming from the
old times where request parameters (could) have been registered as
PHP variables.  Changing the behavior would now technically be
possible, but due to the BC break, this needs discussion on
internals@, and likely the RFC process[2].  Feel free to start it;
for the time being I'm suspending this ticket.

[1] <>
[2] <>
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Apr 13 09:01:28 2024 UTC