Tuesday, 21 July 2015

Dots Aren’t Allowed In PHP Cookie Names

When you try and use cookies in php, you can’t use dots / periods [.] in the names. So this won’t work:
$var = $_COOKIE['cookie.name.with.dots'];
You can set them with dots using Javascript, but when you go to access them, the dots magically become underscores [ _ ]

The reason for all this faffing is that terrible setting called Register Globals, which takes all $_POST, $_GET, $_COOKIE vars and sets them to real variable names. For example…
$_COOKIE['my_name']
Would be accessible with
$my_name
when register globals is turned on. It is a massive security issue and should be turned off at all times.
Register globals means that all cookie, post, get etc variables must meet php variable naming guidelines, which don’t include dots.
So there you go. Turn register globals off and only use underscores to separate words in cookie names.

0 comments:

Post a Comment