|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #77407 Cookie name not parsed correctly
Submitted: 2019-01-03 16:48 UTC Modified: 2019-01-04 11:52 UTC
From: devosc at gmail dot com Assigned:
Status: Suspended Package: *Programming Data Structures
PHP Version: next OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
50 + 25 = ?
Subscribe to this entry?

 [2019-01-03 16:48 UTC] devosc at gmail dot com
"PHP will replace special characters in cookie names, which results in other cookies not being available due to overwriting. Thus, the server request should take the cookies from the request header instead."

It seems like this should be fixed in PHP itself, as this is the purpose of having the super global $_COOKIE.

Test script:
setcookie('', 'foobar');

Expected result:
$_COOKIE = [ '' => 'foobar']

Actual result:
$_COOKIE = [ 'foo_bar' => 'foobar']


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-01-04 11:52 UTC]
-Status: Open +Status: Suspended -Type: Bug +Type: Feature/Change Request -PHP Version: 7.3.0 +PHP Version: next
 [2019-01-04 11:52 UTC]
This is intended and well documented[1] behavior, coming from the
old times where request parameters (could) have been registered as
PHP variables.  Changing the behavior would now technically be
possible, but due to the BC break, this needs discussion on
internals@, and likely the RFC process[2].  Feel free to start it;
for the time being I'm suspending this ticket.

[1] <>
[2] <>
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Feb 04 00:03:40 2023 UTC