Robert Cummings writes: > On Thu, 2007-02-08 at 13:51 -0600, Fletcher Mattox wrote: > > Jon Anderson writes: > > > > > Cookies must be encoded somehow: Because a raw cookie will contain > > > "var=val; expires=time; path=/path/" type stuff, PHP would *have* to > > > encode it. > > > > I don't mean to be thick, Jon, but I don't understand why it has to be > > encoded at all. Are you saying that the "path=/path/" has to be encoded? > > Well, ok (I don't entirely understand that either), but why encode > > the "val"? "val" can be arbitrary data and shoud be left uninterpreted, > > in my opinion. > > If val can be any value then it can also be: > > expires=time; path=/path/ > > Obviously, that would be an issue since that's part of the cookie > parameters. As such, it needs to be encoded. Now go away! > > :) I would argue that if someone were to embed these parameters inside a cookie's "value" parameter, then they lose all rights to the original semantics. But this is getting silly. I find it interesting that nobody has been able to cite a standard or even point to documentation of this "feature". Fletcher -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
