#47248 [NEW]: Make PHP more secure: Simple Fix

Thu, 29 Jan 2009 18:12:21 -0800 

From:             tim987 at email dot com
Operating system: Windows/Linux
PHP version:      5.3.0beta1
PHP Bug Type:     Feature/Change Request
Bug description:  Make PHP more secure: Simple Fix

Description:
------------
PHP shouldn't allow a cookie that doesn't expire when a web browser is
closed. 
 Alot of PHP sites are very insecure because they use cookies that don't
expire at all. For example, YouTube,which uses PHP, doesn't expire cookies
at all so if you sign into your YouTube account, close your browser,shut
down your computer, then go back to YouTube, your account will still be
logged in which is scary for people using public computers.
 So this is why this and all future versions of PHP should not allow
cookies that do not expire when a web browser is closed.



-- 
Edit bug report at http://bugs.php.net/?id=47248&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=47248&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=47248&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=47248&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=47248&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=47248&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=47248&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=47248&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=47248&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=47248&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=47248&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=47248&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=47248&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=47248&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=47248&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=47248&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=47248&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=47248&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=47248&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=47248&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=47248&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=47248&r=mysqlcfg

Reply via email to