Edit report at https://bugs.php.net/bug.php?id=63835&edit=1

 ID:                 63835
 Updated by:         larue...@php.net
 Reported by:        tom916 at qq dot com
 Summary:            two cookie in request ,get comma in first cookie
                     name
 Status:             Assigned
 Type:               Bug
 Package:            *General Issues
 Operating System:   linux
 PHP Version:        5.3Git-2012-12-22 (Git)
 Assigned To:        laruence
 Block user comment: N
 Private report:     N

 New Comment:

@pierrick, thanks for the explanation, and after some search, I also reached 
that we can not fix this without any side effect (BC break),

so, I think maybe won't fix. 

thanks


Previous Comments:
------------------------------------------------------------------------
[2012-12-24 04:39:43] pierr...@php.net

RFC6265 is the last specification for HTTP State Management Mechanism.

Section 4.2.1 says that the grammar for the Cookie header is 

   cookie-header = "Cookie:" OWS cookie-string OWS
   cookie-string = cookie-pair *( ";" SP cookie-pair )

Since RFC2626 (HTTP) only allows multiple message-header fields with the same 
if and only if the entire field-value for 
that header field is defined as a comma-separated list, I guess having multiple 
Cookie: header is not a valid case.

------------------------------------------------------------------------
[2012-12-24 04:02:21] larue...@php.net

@pierrick, thanks,  I also found a page:  
http://kristol.org/cookie/errata.html   ;)

------------------------------------------------------------------------
[2012-12-24 03:59:38] pierr...@php.net

RFC2616 says : Multiple message-header fields with the same field-name MAY be 
present in a message if and only if the entire field-value for that header 
field is defined as a comma-separated list [i.e., #(values)]. It MUST be 
possible to combine the multiple header fields into one "field-name: 
field-value" pair, without changing the semantics of the message, by appending 
each subsequent field-value to the first, each separated by a comma. The order 
in which header fields with the same field-name are received is therefore 
significant to the interpretation of the combined field value, and thus a proxy 
MUST NOT change the order of these field values when a message is forwarded.

------------------------------------------------------------------------
[2012-12-24 03:33:59] larue...@php.net

I have no idea why some browser will do this, but I can not find a proof that 
doesn't allow this.

anyway, this fix will introduce bc break, like, before,

cookie: userids=123,1232,123213;

I saw such usage before, so... I didn't commit this.  I will try to find some 
fix in the apache apis

------------------------------------------------------------------------
[2012-12-23 08:52:49] tom916 at qq dot com

Now if the cookie name has a comma, it becomes 2 cookie names

<?php
$fp = fsockopen("localhost", 50080, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET /show_cookie.php HTTP/1.1\r\n";
    $out .= "Host: localhost:50080\r\n";
//    $out .= "Cookie:\r\n";
    $out .= "Cookie: a=1; b=2; c,d=abc\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}



----------------------------
Array
(
    [a] => 1
    [b] => 2
    [c] => 
    [d] => abc
)

------------------------------------------------------------------------
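
The trade-off discussed in the thread, as an added example that is not part of the bug report or of PHP's source: a simplified model that parses the same Cookie value once splitting on both ";" and "," (the behaviour in the reporter's output) and once on ";" only (the RFC 6265 cookie-string grammar). The function names and the third sample, which models two Cookie header fields combined per the quoted RFC 2616 rule, are assumptions made for illustration.

```php
<?php
// Added illustration: a simplified model, not PHP's internal cookie parser.

// Split a Cookie field-value into name => value pairs, treating every
// character in $separators as a cookie-pair delimiter.
function parse_cookie_string(string $value, string $separators): array
{
    $cookies = [];
    $pattern = '/[' . preg_quote($separators, '/') . ']/';
    foreach (preg_split($pattern, $value) as $pair) {
        $pair = ltrim($pair, " \t");
        if ($pair === '') {
            continue; // empty segment, e.g. after a trailing ";"
        }
        $eq = strpos($pair, '=');
        $name = $eq === false ? $pair : substr($pair, 0, $eq);
        $cookies[$name] = $eq === false ? '' : substr($pair, $eq + 1);
    }
    return $cookies;
}

// Combine repeated header fields the way the RFC 2616 text quoted in the
// thread describes: append each later field-value after a comma
// (a space follows the comma here).
function combine_fields(array $fieldValues): string
{
    return implode(', ', $fieldValues);
}

// Constructed inputs: the first two values are quoted in the thread, the
// third models a request carrying two Cookie header fields.
$samples = [
    'a=1; b=2; c,d=abc',
    'userids=123,1232,123213;',
    combine_fields(['a=1; b=2', 'c=3']),
];

foreach ($samples as $value) {
    $both = parse_cookie_string($value, ';,'); // split on ";" and ","
    $semi = parse_cookie_string($value, ';');  // split on ";" only (RFC 6265)
    echo "Cookie: $value\n";
    echo '  ";" and ",": ' . json_encode($both) . "\n";
    echo '  ";" only:    ' . json_encode($semi) . "\n";
    echo '  results differ: ' . ($both === $semi ? 'no' : 'yes') . "\n";
}
```

All three samples parse differently under the two rules: splitting on "," truncates `userids` to `123` and turns `c,d` into two names, while splitting on ";" only leaves `b` holding `2, c=3` when two header fields were combined. Any proxy, WAF or application code that reads cookies with a different delimiter rule than the backend will see different names and values for the same request.
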


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=63835


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=63835&edit=1
