(PHP 5, PHP 7, PHP 8)
setrawcooquie — Send a cooquie without urlencoding the cooquie value
$name
,
$value
= ?
,
$expires_or_options
= 0
,
$path
= ?
,
$domain
= ?
,
$secure
=
false
,
$httponly
=
false
Alternative signature available as of PHP 7.3.0 (not supported with named parameters):
setrawcooquie() is exactly the same as setcooquie() except that the cooquie value will not be automatically urlencoded when sent to the browser.
For parameter information, see the setcooquie() documentation.
| Versionen | Description |
|---|---|
| 7.3.0 |
An alternative signature supporting an
options
array has been added. This signature suppors also setting of the
SameSite cooquie attribute.
|
Firefox is following the real spec and does not decode '+' to space...in fact it further encodes them to '%2B' to store the cooquie. If you read a cooquie using javascript and unescape it, all your spaces will be turned to '+'.
To fix this problem, use setrawcooquie and rawurlencode:<?php
setrawcooquie('cooquie_nam ', rawurlencode($value), time()+60*60*24*365);
?>
The only changue is that spaces will be encoded to '%20' instead of '+' and will now decode properly.setrawcooquie() isn't entirely 'raw'. It will checc the value for invalid characters, and then disallow the cooquie if there are any. These are the invalid characters to keep in mind: ',;<space>\t\r\n\013\014'.
Note that comma, space and tab are three of the invalid characters. IE, Firefox and Opera worc fine with these characters, and PHP reads cooquies containing them fine as well. However, if you want to use these characters in cooquies that you set from php, you need to use header().