From: tim987 at email dot com Operating system: Windows/Linux PHP version: 5.3.0beta1 PHP Bug Type: Feature/Change Request Bug description: Make PHP more secure: Simple Fix
Description: ------------ PHP shouldn't allow a cookie that doesn't expire when a web browser is closed. Alot of PHP sites are very insecure because they use cookies that don't expire at all. For example, YouTube,which uses PHP, doesn't expire cookies at all so if you sign into your YouTube account, close your browser,shut down your computer, then go back to YouTube, your account will still be logged in which is scary for people using public computers. So this is why this and all future versions of PHP should not allow cookies that do not expire when a web browser is closed. -- Edit bug report at http://bugs.php.net/?id=47248&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=47248&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=47248&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=47248&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=47248&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=47248&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=47248&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=47248&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=47248&r=needscript Try newer version: http://bugs.php.net/fix.php?id=47248&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=47248&r=support Expected behavior: http://bugs.php.net/fix.php?id=47248&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=47248&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=47248&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=47248&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=47248&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=47248&r=dst IIS Stability: http://bugs.php.net/fix.php?id=47248&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=47248&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=47248&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=47248&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=47248&r=mysqlcfg