httpOnly cookie flag support in PHP 5.2
http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html
Thanks to a patch from Scott
MacVicar that I've just applied to CVS, PHP 5.2 will have support for
httpOnly cookie flag. This neat little feature allows you to mark a
newly created cookie as HTTP only, another words inaccessible to
browser based scripting languages such as JavaScript. This means it
would become far more difficult, if not impossible to steal a user's
cookie based session by injecting JavaScript into a page and then using
to read cookies.
This flag can be toggled by passing TRUE as the 7th parameter to the
setcookie() and the setrawcookie() functions respectively. Ex:
PHP:
<?
php
setcookie
(
"abc"
,
"test"
,
NULL
,
NULL
,
NULL
,
NULL
,
TRUE
);
setrawcookie
(
"abc"
,
"test"
,
NULL
,
NULL
,
NULL
,
NULL
,
TRUE
);
?>
The support of the httpOnly flag extends to the session extension as
well, where it can be enabled by setting the session.cookie_httponly
INI setting to 1. Or passing TRUE as the 5th parameter to the
session_set_cookie_params() function.
PHP:
<?
php
ini_set
(
"session.cookie_httponly"
,
1
);
// or
session_set_cookie_params
(
0
,
NULL
,
NULL
,
NULL
,
TRUE
);
?>
Unfortunately, at this time according to my tests no other browser has
adopted this rather handy feature, but with the continual increase of
XSS attacks, I am sure they'll adopt this concept soon.
For people using PHP 4 and PHP 5.1 you can add this flag yourself by
sending cookies manually via the header function and prefixing the
;httpOnly flag to the cookie as shown in the example below:
PHP:
<?
php
header
(
"Set-Cookie: hidden=value; httpOnly"
);
?>
Ïà¹ØÎĵµ£º
ÏÖÔÚÖ÷Á÷µÄÍøÕ¾¿ª·¢ÓïÑÔÎÞÍâºõasp¡¢php¡¢asp.net¡¢jspµÈ¡£
ÍøÒ³´Ó¿ªÊ¼¼òµ¥µÄhmtlµ½¸´ÔӵķþÎñÓïÑÔ£¬×ß¹ýÁË10¶à¸öÄêÍ·£¬¸÷ÖÖ¼¼Êõ²ã³ö²»Çµ¥¸öµÄÖ÷Á÷¼¼ÊõÒ²ÔÚ²»¶Ï·Ðµİ汾£¬ÏÖÔÚ·ÖÎöϸ÷ÖÖÓïÑÔµÄÇø±ð¡¢ÓÅÊÆ¡¢ÁÓÊÆ¡¢¿ª·¢×¢ÒâÊÂÏ
HTML:µ±È»ÕâÊÇÍøÒ³×î»ù±¾µÄÓïÑÔ,ÿһ¸ö·þÎñÆ÷ÓïÑÔ¶¼ÐèÒªËüµÄÖ§³Ö,Ҫѧϰ,Õâ¸ö¿Ï¶¨ÊÇ¿ª ......
Ç°Ì᣺ Apache ºÍ MysqlÒѾ°²×°Íê±Ï¡£
php °æ±¾£ºphp-5.2.6.tar.gz
ÏÂÔصØÖ·£º
ZendOptimiter-3.3.3-linux-glibc23-i386.tar.gz
ÏÂÔصØÖ·£º
1. Ê×ÏÈ°²×° GD¿âÈí¼þ
libxml2-2.7.2.tar.gz
ÏÂÔصØÖ·£º
#tar -zxvf libxml2-2.7.2.tar.gz
#cd libxml2-2.7.2
#mkdir /usr/local/modules
#mkdir /usr/loc ......
/* Author: ÑîÓî <yangyu@sina.cn> */
//½«Ã루·Çʱ¼ä´Á£©×ª»¯³É ** Сʱ ** ·Ö
function sec2time($sec){
$sec = round($sec/60);
if ($sec >= 60){
$hour = floor($sec/60);
$min = $sec%60;
$res = $hour.' Сʱ ';
$min != ......
¸ÕѧPHPµÄMVC,ÍøÉÏÕÒÀ´µãÎÄÕÂѧϰ,·ÖÏíÏÂ
ASP£¬JSP£¬PHPÊÇWEB¿ª·¢µÄÈý´ó¼¼Êõ£¬ÈýÖÖ¼¼ÊõÓÅȱµãÒ²Ôç¾ÍÓÐÈË·ÖÎö¹ýÁË¡£ÎÞ·ÇÒ²¾ÍÊÇASP¼òµ¥Ò×ÓÃÇÒÓÐmicrosoft×ö¿¿É½£¬JSP¹¦ÄÜÇ¿´óÊÇÒòΪÓÐjavaÖ§³Ö£¬PHPÔò¿ªÔ´¿çƽ̨¡£ÔÚ¹úÄÚ£¬ASPÓ¦Ó÷¶Î§×î¹ã£¬JSP·¢Õ¹ÊÆÍ·×îÃÍ£¬PHPÔò´¦ÓÚÁÓÊÆ¡£Õâ¿ÉÄÜÓë¹«Ë ......
tidy ÊÇÒ»¸ö·Ç³£°ïæµÄÍøÒ³´úÂë·ÖÎöºÍ¾À´íµÄ¹¤¾ß£¬Äܹ»Ö§³Ö¶àÖÖÒ³Ãæ±àÂ룬²¢ÇÒÖ§³ÖxhtmlÊä³ö¡£Èç¹ûÎÒÃÇ͵ÀÁ£¬ÉõÖÁ¿ÉÒÔ½«Õû¸öÒ³Ã滺´æ£¬×îºó²ÉÓÃtidy´¦Àí£¬×îºóÊä³öÍêÃÀµÄxhtml´úÂë¡£
linuxÏ°²×°¹ý³ÌÈçÏ£º
Ê×ÏÈ°²×°tidy £¬ÏÂÔØtidyÔ´´úÂ룺
cvs -d:pserver: anonymous@tidy.cvs.sourceforge.net Ϊ·À±¸µç×ÓÓʼþµØÖ·ÊÕ¼¯ ......
