[edit] Last updated: Fri, 10 Feb 2012

setrawcookie

(PHP 5)

setrawcookie — 値を URL エンコードせずにクッキーを送信する

説明

bool setrawcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )

setrawcookie() は、ブラウザに送信される際クッキーの値が自動的に URL エンコードされないことを除き、 setcookie() と等価です。

パラメータ

パラメータについての情報は setcookie() のドキュメントを参照ください。

返り値

成功した場合に TRUE を、失敗した場合に FALSE を返します。

変更履歴

バージョン	説明
5.2.0	`httponly` パラメータが追加されました。

参考

setcookie() - クッキーを送信する

socket_get_status

setcookie

[edit] Last updated: Fri, 10 Feb 2012

add a note User Contributed Notes setrawcookie

kexianbin at diyism dot com 28-Dec-2011 07:35


my php cookie value encode function:



<?php

function encode_cookie_value($value)

         {return strtr($value,

                       array_combine(str_split($tmp=",; \t\r\n\013\014"),

                                     array_map('rawurlencode', str_split($tmp))

                                    )

                      );

         }

setrawcookie('kk', encode_cookie_value('jk=jk?jk-/":jk;jk jk,jk'));

?>

Sebastian 29-Jun-2011 04:59


You really shouldn't use (un)serialize with cookies. An evil user could inject ANY code in your script.

lgb 01-Oct-2009 01:53


After having several problems with this cookie thing, I'm using base64_encode on the data I put into a cookie, so I can avoid problems, I had before. I tried to set up cookie with data created by serialize() from a PHP array, but it did not work to be able to get it back, after I modified it to use value of base64_encode(serialize(...)) to set up the cookie, and unserialize(base64_decode(..)) to get back the value, everything started to work.

Anonymous 10-Apr-2008 02:01


For PHP 4 systems you can use...

<?php

header('Set-Cookie: name=value');

?>



... but it seems to be difficult to obtain the results without PHP's automatic URL decoding :o(

subs at voracity dot org 12-Dec-2006 05:31


setrawcookie() isn't entirely 'raw'. It will check the value for invalid characters, and then disallow the cookie if there are any. These are the invalid characters to keep in mind: ',;<space>\t\r\n\013\014'.



Note that comma, space and tab are three of the invalid characters. IE, Firefox and Opera work fine with these characters, and PHP reads cookies containing them fine as well. However, if you want to use these characters in cookies that you set from php, you need to use header().

Brian 10-Mar-2006 11:56


Firefox is following the real spec and does not decode '+' to space...in fact it further encodes them to '%2B' to store the cookie.  If you read a cookie using javascript and unescape it, all your spaces will be turned to '+'.


To fix this problem, use setrawcookie and rawurlencode:





<?php


setrawcookie('cookie_name', rawurlencode($value), time()+60*60*24*365);


?>





The only change is that spaces will be encoded to '%20' instead of '+' and will now decode properly.

add a note