nlopess Fri Aug 11 16:21:54 2006 UTC
Modified files: /phpdoc/en/reference/session ini.xml /phpdoc/en/reference/session/functions session-get-cookie-params.xml session-set-cookie-params.xml /phpdoc/en/reference/network/functions setcookie.xml setrawcookie.xml Log: document the new httponly flag in session and setcookie*() stuff
http://cvs.php.net/viewvc.cgi/phpdoc/en/reference/session/ini.xml?r1=1.40&r2=1.41&diff_format=u Index: phpdoc/en/reference/session/ini.xml diff -u phpdoc/en/reference/session/ini.xml:1.40 phpdoc/en/reference/session/ini.xml:1.41 --- phpdoc/en/reference/session/ini.xml:1.40 Tue Feb 7 16:54:21 2006 +++ phpdoc/en/reference/session/ini.xml Fri Aug 11 16:21:54 2006 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.40 $ --> +<!-- $Revision: 1.41 $ --> <section id="session.configuration"> &reftitle.runtime; &extension.runtime; @@ -89,6 +89,12 @@ <entry>Available since PHP 4.0.4.</entry> </row> <row> + <entry>session.cookie_httponly</entry> + <entry>""</entry> + <entry>PHP_INI_ALL</entry> + <entry>Available since PHP 5.2.0.</entry> + </row> + <row> <entry>session.use_cookies</entry> <entry>"1"</entry> <entry>PHP_INI_ALL</entry> @@ -166,16 +172,6 @@ <entry>PHP_INI_ALL</entry> <entry>Available since PHP 4.0.4.</entry> </row> - -<!-- Not yet - <row> - <entry>session.encode_sources</entry> - <entry>"globals</entry> - <entry>track"</entry> - <entry></entry> - </row> ---> - </tbody> </tgroup> </table> 
@@ -508,6 +504,21 @@ </listitem> </varlistentry> + <varlistentry id="ini.session.cookie-httponly"> + <term> + <parameter>session.cookie_httponly</parameter> + <type>boolean</type> + </term> + <listitem> + <simpara> + Marks the cookie as accessible only through the HTTP protocol. This means + that the cookie won't be accessible by scripting languages, such as + JavaScript. This setting can effectly help to reduce identity theft + through XSS attacks (although it is not supported by all browsers). + </simpara> + </listitem> + </varlistentry> + <varlistentry id="ini.session.cache-limiter"> <term> <parameter>session.cache_limiter</parameter> http://cvs.php.net/viewvc.cgi/phpdoc/en/reference/session/functions/session-get-cookie-params.xml?r1=1.4&r2=1.5&diff_format=u Index: phpdoc/en/reference/session/functions/session-get-cookie-params.xml diff -u phpdoc/en/reference/session/functions/session-get-cookie-params.xml:1.4 phpdoc/en/reference/session/functions/session-get-cookie-params.xml:1.5 --- phpdoc/en/reference/session/functions/session-get-cookie-params.xml:1.4 Mon Apr 19 21:24:57 2004 +++ phpdoc/en/reference/session/functions/session-get-cookie-params.xml Fri Aug 11 16:21:54 2006 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.4 $ --> +<!-- $Revision: 1.5 $ --> <!-- splitted from ./en/functions/session.xml, last change in rev 1.8 --> <refentry id="function.session-get-cookie-params"> <refnamediv> @@ -40,6 +40,12 @@ (This item was added in PHP 4.0.4.) </simpara> </listitem> + <listitem> + <simpara> + "httponly" - The cookie can only be accessed through the HTTP protocol + (This item was added in PHP 5.2.0). + </simpara> + </listitem> </itemizedlist> </para> <para> 
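Review bot: The new `session.cookie_httponly` description, the `<simpara>` added in the `@@ -508,6 +504,21 @@` hunk of ini.xml, misspells "effectively" as "effectly"; it should read `This setting can effectively help to reduce identity theft`. The same sentence with the same typo is in the `httponly` row added to setcookie.xml (`@@ -140,7 +141,20 @@`). The wording also slightly overstates the protection, because the flag only stops scripts from reading the cookie; I would append `It does not prevent XSS itself: injected script can still send requests that carry the cookie.` The table row added earlier in ini.xml lists the default as `""`, so it seems worth stating here that the flag is off unless explicitly enabled. The enclosing variable list starts and ends outside the hunk.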
@@ -47,7 +53,8 @@ <link linkend="ini.session.cookie-lifetime">session.cookie_lifetime</link>, <link linkend="ini.session.cookie-path">session.cookie_path</link>, <link linkend="ini.session.cookie-domain">session.cookie_domain</link>, - <link linkend="ini.session.cookie-secure">session.cookie_secure</link>, and + <link linkend="ini.session.cookie-secure">session.cookie_secure</link>, + <link linkend="ini.session.cookie-httponly">session.cookie_httponly</link>, and <function>session_set_cookie_params</function>. </para> </refsect1> http://cvs.php.net/viewvc.cgi/phpdoc/en/reference/session/functions/session-set-cookie-params.xml?r1=1.4&r2=1.5&diff_format=u Index: phpdoc/en/reference/session/functions/session-set-cookie-params.xml diff -u phpdoc/en/reference/session/functions/session-set-cookie-params.xml:1.4 phpdoc/en/reference/session/functions/session-set-cookie-params.xml:1.5 --- phpdoc/en/reference/session/functions/session-set-cookie-params.xml:1.4 Mon Apr 19 21:24:57 2004 +++ phpdoc/en/reference/session/functions/session-set-cookie-params.xml Fri Aug 11 16:21:54 2006 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.4 $ --> +<!-- $Revision: 1.5 $ --> <!-- splitted from ./en/functions/session.xml, last change in rev 1.2 --> <refentry id="function.session-set-cookie-params"> <refnamediv> @@ -16,6 +16,7 @@ <methodparam choice="opt"><type>string</type><parameter>path</parameter></methodparam> <methodparam choice="opt"><type>string</type><parameter>domain</parameter></methodparam> <methodparam choice="opt"><type>bool</type><parameter>secure</parameter></methodparam> + <methodparam choice="opt"><type>bool</type><parameter>httponly</parameter></methodparam> </methodsynopsis> <para> Set cookie parameters defined in the &php.ini; file. The effect of this 
@@ -26,7 +27,8 @@ <note> <para> The <parameter>secure</parameter> parameter was added in PHP - 4.0.4. + 4.0.4, while the <parameter>httponly</parameter> parameter was added in + PHP 5.2.0. </para> </note> <para> @@ -34,7 +36,8 @@ <link linkend="ini.session.cookie-lifetime">session.cookie_lifetime</link>, <link linkend="ini.session.cookie-path">session.cookie_path</link>, <link linkend="ini.session.cookie-domain">session.cookie_domain</link>, - <link linkend="ini.session.cookie-secure">session.cookie_secure</link>, and + <link linkend="ini.session.cookie-secure">session.cookie_secure</link>, + <link linkend="ini.session.cookie-httponly">session.cookie_httponly</link>, and <function>session_get_cookie_params</function>. </para> </refsect1> http://cvs.php.net/viewvc.cgi/phpdoc/en/reference/network/functions/setcookie.xml?r1=1.1&r2=1.2&diff_format=u Index: phpdoc/en/reference/network/functions/setcookie.xml diff -u phpdoc/en/reference/network/functions/setcookie.xml:1.1 phpdoc/en/reference/network/functions/setcookie.xml:1.2 --- phpdoc/en/reference/network/functions/setcookie.xml:1.1 Mon Jul 24 11:01:55 2006 +++ phpdoc/en/reference/network/functions/setcookie.xml Fri Aug 11 16:21:54 2006 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.1 $ --> +<!-- $Revision: 1.2 $ --> <!-- splitted from ./en/functions/http.xml, last change in rev 1.2 --> <refentry id="function.setcookie"> <refnamediv> @@ -16,6 +16,7 @@ <methodparam choice="opt"><type>string</type><parameter>path</parameter></methodparam> <methodparam choice="opt"><type>string</type><parameter>domain</parameter></methodparam> <methodparam choice="opt"><type>bool</type><parameter>secure</parameter></methodparam> + <methodparam choice="opt"><type>bool</type><parameter>httponly</parameter></methodparam> </methodsynopsis> <para> <function>setcookie</function> defines a cookie to be sent along 
@@ -140,7 +141,20 @@ is &false;. </entry> <entry> - <literal>0</literal> or <literal>1</literal> + &true; or &false; + </entry> + </row> + <row> + <entry><parameter>httponly</parameter></entry> + <entry> + When &true; the cookie will be made accessible only through the HTTP + protocol. This means that the cookie won't be accessible by + scripting languages, such as JavaScript. This setting can effectly + help to reduce identity theft through XSS attacks (although it is + not supported by all browsers). Added in PHP 5.2.0. + </entry> + <entry> + &true; or &false; </entry> </row> </tbody> http://cvs.php.net/viewvc.cgi/phpdoc/en/reference/network/functions/setrawcookie.xml?r1=1.1&r2=1.2&diff_format=u Index: phpdoc/en/reference/network/functions/setrawcookie.xml diff -u phpdoc/en/reference/network/functions/setrawcookie.xml:1.1 phpdoc/en/reference/network/functions/setrawcookie.xml:1.2 --- phpdoc/en/reference/network/functions/setrawcookie.xml:1.1 Mon Jul 24 11:01:55 2006 +++ phpdoc/en/reference/network/functions/setrawcookie.xml Fri Aug 11 16:21:54 2006 @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="iso-8859-1"?> -<!-- $Revision: 1.1 $ --> +<!-- $Revision: 1.2 $ --> <!-- splitted from ./en/functions/http.xml, last change in rev 1.2 --> <refentry id="function.setrawcookie"> <refnamediv> 
@@ -16,12 +16,18 @@ <methodparam choice="opt"><type>string</type><parameter>path</parameter></methodparam> <methodparam choice="opt"><type>string</type><parameter>domain</parameter></methodparam> <methodparam choice="opt"><type>bool</type><parameter>secure</parameter></methodparam> + <methodparam choice="opt"><type>bool</type><parameter>httponly</parameter></methodparam> </methodsynopsis> <para> <function>setrawcookie</function> is exactly the same as <function>setcookie</function> except that the cookie value will not be automatically urlencoded when sent to the browser. </para> + <note> + <para> + The <parameter>httponly</parameter> parameter was added in PHP 5.2.0. + </para> + </note> <para> See also <function>header</function>, <function>setcookie</function> and the <link linkend="features.cookies">cookies section</link>.