ID: 44050 Comment by: pfx-bugs dot php dot net at goeswhere dot com Reported By: a dot candle at gmail dot com Status: Open Bug Type: Unknown/Other Function Operating System: slackware/debian PHP Version: 5.2.5 New Comment:
This can be reproduced by, for example (with the above test-case as http://localhost/pro.php): [EMAIL PROTECTED]:~% echo -e 'GET /pro.php HTTP/1.1\r\nHost: localhost\r\nCookie: $Version=0; a=aaaa\r\nCookie: $Version=0; b=bbbb\r\nCookie: $Version=0; c=bbbb\r\nConnection: close\r\n' | nc localhost 80 HTTP/1.1 200 OK Date: Tue, 05 Feb 2008 21:51:41 GMT Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch10 X-Powered-By: PHP/5.2.0-8+etch10 Set-Cookie: a=aaaa Set-Cookie: b=bbbb Set-Cookie: c=cccc Content-Length: 160 Connection: close Content-Type: text/html; charset=UTF-8 array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(16) "aaaa, $Version=0" ["b"]=> string(16) "bbbb, $Version=0" ["c"]=> string(4) "bbbb" } [EMAIL PROTECTED]:~% Previous Comments: ------------------------------------------------------------------------ [2008-02-05 20:31:59] [EMAIL PROTECTED] Hello, I have not been able to reproduce your issue. Can you please give us more feedback about that? ------------------------------------------------------------------------ [2008-02-05 17:37:48] a dot candle at gmail dot com Description: ------------ When a client sends multiple 'Cookie' headers they appear to be parsed incorrectly. What I believe is happening is that the value part of the cookie headers (after the ': ') are being concaternated with a comma rather then a semicolon. Then (as per the cookie spec: http://wp.netscape.com/newsref/std/cookie_spec.html) the resulting string is being split on semicolon, resulting in the broken cookie values. Reproduce code: --------------- php code: <?php setcookie("a", "aaaa"); setcookie("b", "bbbb"); setcookie("c", "cccc"); var_dump($_COOKIE); ?> headers sent by client: (on the second request) "Cookie: $Version=0; a=aaaa\r\n" "Cookie: $Version=0; b=bbbb\r\n" "Cookie: $Version=0; c=bbbb\r\n" Expected result: ---------------- array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(4) "aaaa" ["b"]=> string(4) "bbbb" ["c"]=> string(4) "cccc" } Actual result: -------------- resulting output: array(4) { ["$Version"]=> string(1) "0" ["a"]=> string(16) "aaaa, $Version=0" ["b"]=> string(16) "bbbb, $Version=0" ["c"]=> string(4) "cccc" } ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=44050&edit=1