百科狗-知识改变命运!
--

setrawcookie() - php 网络函数

百变鹏仔1年前 (2023-11-21)阅读数 23#技术干货
文章标签参数

setrawcookie()

(PHP 5, PHP 7)

发送未经 URL 编码的 cookie

说明

setrawcookie(string $name[,string $value[,int $expire= 0[,string $path[,string $domain[,bool $secure= false[,bool $httponly= false]]]]]]): bool

setrawcookie() - php 网络函数

setrawcookie()和setcookie()非常相似,唯一不同之处是发送到浏览器的 cookie 值没有自动经过 URL 编码(urlencode)。

参数

相关参数的信息参见setcookie()的文档。

返回值

成功时返回TRUE,或者在失败时返回FALSE

更新日志

版本说明
5.5.0发送给客户端的 Set-Cookie 头现在会加上 Max-Age 属性。
5.2.0增加了$httponly参数。

参见

  • setcookie() 发送 Cookie
Firefox is following the real spec and does not decode '+' to space...in fact it further encodes them to '%2B' to store the cookie. If you read a cookie using javascript and unescape it, all your spaces will be turned to '+'.
To fix this problem, use setrawcookie and rawurlencode:

The only change is that spaces will be encoded to '%20' instead of '+' and will now decode properly.
setrawcookie() isn't entirely 'raw'. It will check the value for invalid characters, and then disallow the cookie if there are any. These are the invalid characters to keep in mind: ',;\t\r\n\013\014'.
Note that comma, space and tab are three of the invalid characters. IE, Firefox and Opera work fine with these characters, and PHP reads cookies containing them fine as well. However, if you want to use these characters in cookies that you set from php, you need to use header().
If you want to pass something and unserialize later, you should somehow sign value to ensure evil user don't modify it.
For example, calculate hash sha1($value.$securekey) and place it to different cookie. If cookie value mismatch hash - simple discard both.
This technique you can use in any case if you want to protect cookie from modification, but it can't protect from deletion or from setting to other valid cookie (old or stolen from other user).
You really shouldn't use (un)serialize with cookies. An evil user could inject ANY code in your script.
After having several problems with this cookie thing, I'm using base64_encode on the data I put into a cookie, so I can avoid problems, I had before. I tried to set up cookie with data created by serialize() from a PHP array, but it did not work to be able to get it back, after I modified it to use value of base64_encode(serialize(...)) to set up the cookie, and unserialize(base64_decode(..)) to get back the value, everything started to work.
my php cookie value encode function:

鹏仔微信 15129739599 鹏仔QQ344225443 鹏仔前端 pjxi.com 共享博客 sharedbk.com

免责声明:我们致力于保护作者版权,注重分享,当前被刊用文章因无法核实真实出处,未能及时与作者取得联系,或有版权异议的,请联系管理员,我们会立即处理! 部分文章是来自自研大数据AI进行生成,内容摘自(百度百科,百度知道,头条百科,中国民法典,刑法,牛津词典,新华词典,汉语词典,国家院校,科普平台)等数据,内容仅供学习参考,不准确地方联系删除处理!邮箱:344225443@qq.com)

图片声明:本站部分配图来自网络。本站只作为美观性配图使用,无任何非法侵犯第三方意图,一切解释权归图片著作权方,本站不承担任何责任。如有恶意碰瓷者,必当奉陪到底严惩不贷!

内容声明:本文中引用的各种信息及资料(包括但不限于文字、数据、图表及超链接等)均来源于该信息及资料的相关主体(包括但不限于公司、媒体、协会等机构)的官方网站或公开发表的信息。部分内容参考包括:(百度百科,百度知道,头条百科,中国民法典,刑法,牛津词典,新华词典,汉语词典,国家院校,科普平台)等数据,内容仅供参考使用,不准确地方联系删除处理!本站为非盈利性质站点,本着为中国教育事业出一份力,发布内容不收取任何费用也不接任何广告!)