The PHP Online Conference 2021
    Edit Report a Bug

    setrawcookie

    (PHP 5, PHP 7)

    setrawcookieEnviar una cookie sin codificar su valor

    Descripción

    setrawcookie ( string $name [, string $value [, int $expires = 0 [, string $path [, string $domain [, bool $secure = FALSE [, bool $httponly = FALSE ]]]]]] ) : bool
    setrawcookie ( string $name [, string $value [, array $options = [] ]] ) : bool

    setrawcookie() es exactamente el mismo que setcookie() excepto que el valor de la cookie no será automáticamente codificado cuando se envía al navegador.

    Parámetros

    Para información sobre los parámetros, consulte la función setcookie().

    Valores devueltos

    Devuelve TRUE en caso de éxito o FALSE en caso de error.

    Historial de cambios

    Versión Descripción
    7.3.0 Una alternativa que soporta un array options ha sido añadida. Esta alternativa soporta también la configuración del atributo de la cookie de SameSite.
    5.5.0 Ahora se incluye un atributo Max-Age en la cabecera Set-Cookie enviada al cliente.
    5.2.0 Se añadió el parámetro httponly.

    Ver también

    add a note add a note

    User Contributed Notes 6 notes

    up
    29
    Brian
    14 years ago
    Firefox is following the real spec and does not decode '+' to space...in fact it further encodes them to '%2B' to store the cookie.  If you read a cookie using javascript and unescape it, all your spaces will be turned to '+'.
    To fix this problem, use setrawcookie and rawurlencode:

    <?php
    setrawcookie    ('cookie_name', rawurlencode($value), time()+60*60*24*365);
    ?>

    The only change is that spaces will be encoded to '%20' instead of '+' and will now decode properly.
    up
    16
    subs at voracity dot org
    13 years ago
    setrawcookie() isn't entirely 'raw'. It will check the value for invalid characters, and then disallow the cookie if there are any. These are the invalid characters to keep in mind: ',;<space>\t\r\n\013\014'.

    Note that comma, space and tab are three of the invalid characters. IE, Firefox and Opera work fine with these characters, and PHP reads cookies containing them fine as well. However, if you want to use these characters in cookies that you set from php, you need to use header().
    up
    3
    sageptr at gmail dot com
    8 years ago
    If you want to pass something and unserialize later, you should somehow sign value to ensure evil user don't modify it.
    For example, calculate hash sha1($value.$securekey) and place it to different cookie. If cookie value mismatch hash - simple discard both.
    This technique you can use in any case if you want to protect cookie from modification, but it can't protect from deletion or from setting to other valid cookie (old or stolen from other user).
    up
    3
    Sebastian
    9 years ago
    You really shouldn't use (un)serialize with cookies. An evil user could inject ANY code in your script.
    up
    -4
    lgb
    11 years ago
    After having several problems with this cookie thing, I'm using base64_encode on the data I put into a cookie, so I can avoid problems, I had before. I tried to set up cookie with data created by serialize() from a PHP array, but it did not work to be able to get it back, after I modified it to use value of base64_encode(serialize(...)) to set up the cookie, and unserialize(base64_decode(..)) to get back the value, everything started to work.
    up
    -33
    kexianbin at diyism dot com
    8 years ago
    my php cookie value encode function:

    <?php
    function encode_cookie_value($value)
             {return     strtr($value,
                               array_combine(str_split($tmp=",; \t\r\n\013\014"),
                                             array_map('rawurlencode', str_split($tmp))
                                        )
                          );
             }
    setrawcookie('kk', encode_cookie_value('jk=jk?jk-/":jk;jk jk,jk'));
    ?>
    add a note add a note
    To Top