Fletcher Mattox wrote:
I have learned that apparently PHP silently runs urldecode()
on all cookies before copying them into the $_COOKIE variable, under
the assumption that all cookies have been urlencoded.
This seems like a bad assumption to me, and is perhaps an attempt to be
consistent with $_GET and $_REQUEST, which as Brad points out, have to
be url encoded. But cookies aren't urls. I thought their purpose was
to transfer data transparently, but maybe I am wrong about that.
Warning: this is my opinion. :-)
I don't believe is is a bad assumption; I can see exactly why it would
have been done that way...
Cookies must be encoded somehow: Because a raw cookie will contain
"var=val; expires=time; path=/path/" type stuff, PHP would *have* to
encode it. If a user runs "setcookie('mycookie','this is my cookie; have
a bite!');", PHP has to pick some kind of encoding, and urlencoding
makes the most sense given its similarities to GET and POST.
Since PHP urlencodes values it sets, it follows logically that it would
also urldecode values it retrieves.
If you don't want PHP's automagic cookie handling you can do it manually
as well with header('Set-Cookie: ...') and $_SERVER['HTTP_COOKIE'] on
the other end - which I believe is what you decided on.
jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
