易截截图软件、单文件、免安装、纯绿色、仅160KB

httpOnly cookie flag support in PHP 5.2

http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html
Thanks to a patch from Scott
MacVicar that I've just applied to CVS, PHP 5.2 will have support for
httpOnly cookie flag. This neat little feature allows you to mark a
newly created cookie as HTTP only, another words inaccessible to
browser based scripting languages such as JavaScript. This means it
would become far more difficult, if not impossible to steal a user's
cookie based session by injecting JavaScript into a page and then using
to read cookies.
This flag can be toggled by passing TRUE as the 7th parameter to the
setcookie() and the setrawcookie() functions respectively. Ex:
PHP:
<?
php
setcookie
(
"abc"

"test"

NULL

NULL

NULL

NULL

TRUE
); 
setrawcookie
(
"abc"

"test"

NULL

NULL

NULL

NULL

TRUE
); 
?>
The support of the httpOnly flag extends to the session extension as
well, where it can be enabled by setting the session.cookie_httponly
INI setting to 1. Or passing TRUE as the 5th parameter to the
session_set_cookie_params() function.
PHP:
<?
php
ini_set
(
"session.cookie_httponly"

1
);
// or
session_set_cookie_params
(
0

NULL

NULL

NULL

TRUE
);
?>
Unfortunately, at this time according to my tests no other browser has
adopted this rather handy feature, but with the continual increase of
XSS attacks, I am sure they'll adopt this concept soon.
For people using PHP 4 and PHP 5.1 you can add this flag yourself by
sending cookies manually via the header function and prefixing the
;httpOnly flag to the cookie as shown in the example below:
PHP:
<?
php
header
(
"Set-Cookie: hidden=value; httpOnly"
);
?>



相关文档:

PHP命令行编程实例:FTP+SSL简单客户端示例

有同学需要使用SSL+FTP的方式加密传输文件。希望我给封装一个东西,需求就是可以上传文件(PUT)和远端改名(RENAME)就行。
我开始以为SSL+FTP = SFTP,后来发现这个想法好像是错误的。SFTP是跑在SSH协议上面的FTP,而FTPs就像https一样是跑在SSL协议上面的FTP。
示例程序使用了ftp_ssl_connect函数。源代码如下:
#! / ......

PHP 模拟 Post 的两种方法

function poster()
{
$URL = 'http://www.yw56.com.cn/DIY.asp'; //需要提交到的页面
//下面这段是要提交的数据
$post_data['orderid'] = "YW861736303CN";
$post_data['button'] = "提交";

$referrer="http://www.yw56.com.cn/DIY.asp";
$Cookie=&qu ......

php请求webservice超时设置

我们的电话报名系统中,呼叫中心收集了用户的银行信息,然后请求银行的支付接口的webservice,需要进行超时设置,因为不能一直让学员等待
解决方法是
1:首先先要看一下php.ini里的默认超时时间,一般是120秒
2:在php代码里加上
ini_set('default_socket_timeout', 10);//设置超时时间
如下图
......

PHP面试 2

基础题:
1.表单中 get与post提交方法的区别?
答:get是发送请求HTTP协议通过url参数传递进行接收,而post是实体数据,可以通过表单提交大量信息.
2.session与cookie的区别?
答:session:储存用户访问的全局唯一变量,存储在服务器上的php指定的目录中的(session_dir)的位置进行的存放
   cookie:用来存储连续&# ......

PHP中session与cookie的区别

 1. PHP的COOKIE
cookie 是一种在远程浏览器端储存数据并以此来跟踪和识别用户的机制。
PHP在http协议的头信息里发送cookie, 因此 setcookie() 函数必须在其它信息被输出到浏览器前调用,这和对 header() 函数的限制类似。
1.1 设置cookie:
    可以 ......
© 2009 ej38.com All Rights Reserved. 关于E健网联系我们 | 站点地图 | 赣ICP备09004571号