Hello,
as suggested by Andi and Nuno, setcookie() and setrawcookie() should not
take more than six parameters. Overloading the function with an array as
the third parameter is preferred.
The patch in the attachment considers these suggestions.
To not break compatibility with existing code, the cookie functions can
still be called like this:
bool setcookie ( string name [, string value [, int expire [, string path [, string domain [, bool secure ]]] )
bool setrawcookie ( string name [, string value [, int expire [, string path [, string domain [, bool secure]]]])
Additionally, they now may be called this way:
bool setcookie ( string name, string value, indexed_array parameters)
bool setrawcookie ( string name, string value, indexed_array parameters)
The indexed array 'parameters' is expected to be:
array( {int|string} expires [, string path [, domain [, bool secure [,bool httponly]]]] )
If 'expires' is an int, it will be treated the usual way. If it is a
string, the string is expected to be tokenized like this: Y:M:D:h:m:s
Meaning: How many years (Y) [365 days], months (M) [30 days], days (D),
hours (h), minutes (m) and secondes (s) from now on, shall the cookie be
valid?
Examples:
The following calls to setcookie() are all equivalent:
setcookie("test","101",mktime()+6060,"/","localhost",1)
setcookie("test","101",array(mktime()+6060,"/","localhost",1))
setcookie("test","101",array("0:0:0:1:0:0","/","localhost",1))
setcookie("test","101",array(":::1","/","localhost",1))
Of course, if you want a httpOnly cookie, you should call
setcookie("test","101",array(":::1","/","localhost",1,1))
Patches for httpOnly session cookies are the same as before.
Again, I hope this is useful and not bug-ridden...
Jochen
[ ext/standard/head.c.patch ; ext/standard/head.h.patch ]
Jochen Hansper wrote:
The indexed array 'parameters' is expected to be:
array( {int|string} expires [, string path [, domain [, bool secure [,bool httponly]]]] )
Why not like this?
array(
'expires' => ...,
'path' => ...,
'domain => ...,
'secure' => ...,
'httponly' => ...
);
I think, it will be more readable.
--
Ondrej Ivanic
(ondrej@kmit.sk)
Jochen Hansper wrote:
The indexed array 'parameters' is expected to be:
array( {int|string} expires [, string path [, domain [, bool secure
[,bool httponly]]]] )Why not like this?
array(
'expires' => ...,
'path' => ...,
'domain => ...,
'secure' => ...,
'httponly' => ...
);
This was the agreed way. And it makes much more sense, otherwise you would
just be emulating the additional parameter.
The expire parameter is going to be discontinued and replaced by 'max-age',
which makes much more sense (no problems with differences between the
server's and client's clock).
Nuno
Hi Jochen,
setcookie("test","101",mktime()+6060,"/","localhost",1)
setcookie("test","101",array(mktime()+6060,"/","localhost",1))
setcookie("test","101",array("0:0:0:1:0:0","/","localhost",1))
setcookie("test","101",array(":::1","/","localhost",1))
I'd prefer if the index would either be a string or if there would be
constants with the name since often I'm fine with the default settings but
only want to set one option and imho
setcookie("test","101",array("http_only" => 1));
and
setcookie("test","101",array(COOKIE_HTTP_ONLY => 1));
are much better readable than
setcookie("test","101",array(3 => 1));
or even
setcookie("test","101",array(NULL, NULL, NULL,1));
btw. I would be a fan off adding named parameters if it can be done without
any harm - that would be much nicer than arrays or many optional parameters.
http://www.zend.com/zend/week/week190.php#Heading5
johannes