httpOnly cookie flag support in PHP 5.2

http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html
Thanks to a patch from Scott
MacVicar that I've just applied to CVS, PHP 5.2 will have support for
the httpOnly cookie flag. This neat little feature allows you to mark a
newly created cookie as HTTP only, in other words inaccessible to
browser-based scripting languages such as JavaScript. This means it
would become far more difficult, if not impossible, to steal a user's
cookie-based session by injecting JavaScript into a page and then using
it to read cookies.

This flag can be toggled by passing TRUE as the 7th parameter to the
setcookie() and setrawcookie() functions. Ex:
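PHP:
<?php
// Arguments: name, value, expire, path, domain, secure, httponly
setcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
// Same flag, for the variant that does not URL-encode the value
setrawcookie("abc", "test", NULL, NULL, NULL, NULL, TRUE);
?>
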
Support for the httpOnly flag extends to the session extension as
well, where it can be enabled by setting the session.cookie_httponly
INI setting to 1, or by passing TRUE as the 5th parameter to the
session_set_cookie_params() function.
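PHP:
<?php
// Mark the session cookie as httpOnly via the INI setting
ini_set("session.cookie_httponly", 1);
// or
// Arguments: lifetime, path, domain, secure, httponly
session_set_cookie_params(0, NULL, NULL, NULL, TRUE);
?>
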
Unfortunately, at this time according to my tests no other browser has
adopted this rather handy feature, but with the continual increase of
XSS attacks, I am sure they'll adopt this concept soon.

If you are using PHP 4 or PHP 5.1, you can add this flag yourself by
sending cookies manually via the header() function and appending the
; httpOnly flag to the cookie, as shown in the example below:
PHP:
<?php
header("Set-Cookie: hidden=value; httpOnly");
?>
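
For the PHP 4 / PHP 5.1 fallback above, a helper that assembles the full Set-Cookie line by hand. This is an added example, not code from the original post; the function name build_httponly_cookie() and the sample cookie values are assumptions. It rejects names and attributes that could inject extra cookie attributes or headers, and passes FALSE as the second argument to header() so that Set-Cookie headers already queued are not replaced.

```php
<?php
// Added example (hypothetical helper, not part of PHP): builds a Set-Cookie
// header with the httpOnly flag for PHP versions whose setcookie() lacks it.
// Returns the header line, or FALSE if an input could corrupt the header.
function build_httponly_cookie($name, $value, $expire = 0, $path = '', $domain = '', $secure = false)
{
    // Cookie names must not contain separators, whitespace or control bytes
    if ($name === '' || preg_match('/[=,;\s\x00-\x1f\x7f]/', $name)) {
        return false;
    }
    // Path and domain are copied verbatim, so refuse anything that could
    // start a new attribute (;) or a new header line (CR/LF)
    foreach (array($path, $domain) as $attr) {
        if (preg_match('/[;\x00-\x1f\x7f]/', $attr)) {
            return false;
        }
    }
    // URL-encode the value, as setcookie() does
    $header = 'Set-Cookie: ' . $name . '=' . urlencode($value);
    if ($expire > 0) {
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expire) . ' GMT';
    }
    if ($path !== '') {
        $header .= '; path=' . $path;
    }
    if ($domain !== '') {
        $header .= '; domain=' . $domain;
    }
    if ($secure) {
        $header .= '; secure';
    }
    // The flag goes last, after every other attribute
    return $header . '; httpOnly';
}

// Constructed sample values: a one-hour cookie valid for the whole site
$line = build_httponly_cookie('hidden', 'value', time() + 3600, '/');
if ($line !== false) {
    // FALSE = add this header instead of replacing earlier Set-Cookie headers
    header($line, false);
}
?>
```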


