Comments on: HTTP Only cookies without PHP 5.2 http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/ A utopia of randomness and maybe a few things about Invision Power Board Thu, 11 Mar 2010 14:12:40 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: Jet http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2336 Jet Sun, 29 Apr 2007 16:41:53 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2336 @Matt: thanks for the tips, I just applied your suggestion to my IPB's setcookie function, as it will take months to see PHP 5.2 coming. @Matt: thanks for the tips, I just applied your suggestion to my IPB’s setcookie function, as it will take months to see PHP 5.2 coming.

]]> By: dgx http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2335 dgx Wed, 06 Dec 2006 09:24:00 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2335 ups... my mistake. PHP_VERSION must be something like '5.10.1' to see difference. ups… my mistake. PHP_VERSION must be something like ‘5.10.1′ to see difference.

]]> By: dgx http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2334 dgx Wed, 06 Dec 2006 09:14:23 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2334 Matt, you should use version_compare(). When PHP_VERSION is '5.2.1', the comparsion PHP_VERSION < 5.2 returns FALSE. Matt, you should use version_compare(). When PHP_VERSION is ‘5.2.1′, the comparsion PHP_VERSION < 5.2 returns FALSE.

]]> By: Matt http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2333 Matt Thu, 14 Sep 2006 17:04:03 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2333 I've updated my original blog post. I've had a dig around in the PHP source. I’ve updated my original blog post. I’ve had a dig around in the PHP source.

]]> By: Matt http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2332 Matt Thu, 14 Sep 2006 16:53:48 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2332 This reminds me, it would be nice to be able to send custom fields to the setcookie() function like one can with mail() - it would future proof PHP against changes in cookie syntax. This reminds me, it would be nice to be able to send custom fields to the setcookie() function like one can with mail() – it would future proof PHP against changes in cookie syntax.

]]> By: Matt http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2331 Matt Thu, 14 Sep 2006 16:51:52 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2331 I was surprised too. I can only assume they didn't consider they needed to clean the domain name as no valid domain name allows for a semi-colon. I was surprised too. I can only assume they didn’t consider they needed to clean the domain name as no valid domain name allows for a semi-colon.

]]> By: Kier Darby http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2330 Kier Darby Thu, 14 Sep 2006 16:42:51 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2330 In the absense of PHP 5.2 and its native HttpOnly support, we are actually rolling our own cookies using header() calls, as you may have seen. Your hack of the setcookie() function is nice, I'm surprised PHP doesn't clean for the semi-colon, but there we go. I'll be interested to see how you've tackled the Firefox issue. In the absense of PHP 5.2 and its native HttpOnly support, we are actually rolling our own cookies using header() calls, as you may have seen. Your hack of the setcookie() function is nice, I’m surprised PHP doesn’t clean for the semi-colon, but there we go.

I’ll be interested to see how you’ve tackled the Firefox issue.

]]> By: Matt http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2329 Matt Thu, 14 Sep 2006 16:01:44 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2329 I know that it was Scott that wrote the little patch for PHP. The great thing is that you don't need it -- or at very least, don't need to wait for PHP 5.2 :D I'm going to post up my Firefox version later today that you may want to consider using too. I know that it was Scott that wrote the little patch for PHP.

The great thing is that you don’t need it — or at very least, don’t need to wait for PHP 5.2 :D

I’m going to post up my Firefox version later today that you may want to consider using too.

]]> By: Kier Darby http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2328 Kier Darby Thu, 14 Sep 2006 15:54:41 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2328 HttpOnly cookies are a great system that we considered should be more accessible to all web application developers. When we integrated HttpOnly cookies into vBulletin 3.6.1 a few weeks ago, we were disappointed to see that PHP did not natively support them through the setcookie() function, so we submitted a patch to PHP, which was accepted. Glad you appreciate our efforts! :) HttpOnly cookies are a great system that we considered should be more accessible to all web application developers.

When we integrated HttpOnly cookies into vBulletin 3.6.1 a few weeks ago, we were disappointed to see that PHP did not natively support them through the setcookie() function, so we submitted a patch to PHP, which was accepted.

Glad you appreciate our efforts! :)

]]> By: Adam http://blog.mattmecham.com/2006/09/12/http-only-cookies-without-php-52/comment-page-1/#comment-2327 Adam Wed, 13 Sep 2006 03:57:54 +0000 http://www.mattmecham.com/blog1/2006/09/12/http-only-cookies-without-php-52/#comment-2327 Thanks Matt. I actually was recently just looking into something similar. I appreciate the info. Thanks Matt. I actually was recently just looking into something similar. I appreciate the info.

]]>