ID: 32860 User updated by: ast at gmx dot ch Reported By: ast at gmx dot ch Status: Open Bug Type: Feature/Change Request Operating System: * PHP Version: 4.3.11 New Comment:
quoted-string cookies are defined as cookies with a value that is a quoted-string, quoted by double-quote marks. You refer to PHP's mechanism to urlencode all cookie values resulting in TOKEN values. This mechanism is indeed suggested in netscapes standard. I've pointed the difference of these things out in my bug report. So, please don't say what I claim is wrong, because that is simply not true. Handle it as a feature request if you prefer that. It's ok. Thanks for the discussion. After all, we all agree on the state (PHP 4.3.11 implements cookie standard 0 (netscape)) and what it doesn't (RFC 2109 which is as old as PHP 2). Previous Comments: ------------------------------------------------------------------------ [2005-04-28 16:52:08] [EMAIL PROTECTED] You claimed that PHP handles quoted-strings within cookies incorrectly. This is simply wrong. PHP supports version 0 cookies, like all browsers do by default and there are no quoted-strings in the version 0 standard. It doesn't matter when the Cookie Version 1 RFCs were released. Fact is: the web uses mainly version 0 cookies. So Jani was right when he changed this into a feature request. ------------------------------------------------------------------------ [2005-04-28 15:41:08] ast at gmx dot ch Fact is that PHP 2 was released after RFC 2109 and the dev cycle of PHP 3, 4, and 5 started completely after RFC 2109 was published. Interpret the issue as you want. I just wanted to help you to be more standards compliant. ------------------------------------------------------------------------ [2005-04-28 14:40:05] [EMAIL PROTECTED] You are wrong. It is not a bug. PHP implements Cookie version 0 which is based upon the Netscape Cookie standard. Both RFCs 2109/2965 speak of Cookie version 1. ------------------------------------------------------------------------ [2005-04-28 12:03:44] ast at gmx dot ch But even the initial cookie RFC, http://rfc.net/rfc2109.html, described that a value may be either a TOKEN or a quoted-string. The only difference to the new cookie RFC, RFC 2965, is that <"> are not allowed in quoted-string values of the old version while they may be in quoted-string values, just escaped by the escape character "\" in the new version. Therefore, the separaters "," and ";" are allowed in quoted-string values even in the old cookie RFC. Maybe you could list it as a low-priority bug, but it's a bug and not a feature or a change request. ------------------------------------------------------------------------ [2005-04-28 08:16:09] [EMAIL PROTECTED] When PHP was written, this RFC did not yet exist - that's why we classify it as a feature request - it's basically "cookie version 1.1". ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/32860 -- Edit this bug report at http://bugs.php.net/?id=32860&edit=1