setrawcookie
(PHP 5, PHP 7, PHP 8)
setrawcookie — 发送未经 URL 编码的 cookie
说明
自 PHP 7.3.0 起可用的替代签名(不支持命名参数):
setrawcookie() 和 setcookie()
非常相似,唯一不同之处是发送到浏览器的 cookie 值没有自动经过 URL 编码(urlencode)。
更新日志
| 版本 |
说明 |
| 7.3.0 |
新增替代签名 options 的支持。此签名还支持设置
SameSite cookie 属性。
|
Brian ¶ 20 years ago
Firefox is following the real spec and does not decode '+' to space...in fact it further encodes them to '%2B' to store the cookie. If you read a cookie using javascript and unescape it, all your spaces will be turned to '+'.
To fix this problem, use setrawcookie and rawurlencode:
<?php
setrawcookie('cookie_name', rawurlencode($value), time()+60*60*24*365);
?>
The only change is that spaces will be encoded to '%20' instead of '+' and will now decode properly.
subs at voracity dot org ¶ 19 years ago
setrawcookie() isn't entirely 'raw'. It will check the value for invalid characters, and then disallow the cookie if there are any. These are the invalid characters to keep in mind: ',;<space>\t\r\n013円014円'.
Note that comma, space and tab are three of the invalid characters. IE, Firefox and Opera work fine with these characters, and PHP reads cookies containing them fine as well. However, if you want to use these characters in cookies that you set from php, you need to use header().