httpOnly cookie flag support in PHP 5.2
http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html
Thanks to a patch from Scott
MacVicar that I've just applied to CVS, PHP 5.2 will have support for
httpOnly cookie flag. This neat little feature allows you to mark a
newly created cookie as HTTP only, another words inaccessible to
browser based scripting languages such as JavaScript. This means it
would become far more difficult, if not impossible to steal a user's
cookie based session by injecting JavaScript into a page and then using
to read cookies.
This flag can be toggled by passing TRUE as the 7th parameter to the
setcookie() and the setrawcookie() functions respectively. Ex:
PHP:
<?
php
setcookie
(
"abc"
,
"test"
,
NULL
,
NULL
,
NULL
,
NULL
,
TRUE
);
setrawcookie
(
"abc"
,
"test"
,
NULL
,
NULL
,
NULL
,
NULL
,
TRUE
);
?>
The support of the httpOnly flag extends to the session extension as
well, where it can be enabled by setting the session.cookie_httponly
INI setting to 1. Or passing TRUE as the 5th parameter to the
session_set_cookie_params() function.
PHP:
<?
php
ini_set
(
"session.cookie_httponly"
,
1
);
// or
session_set_cookie_params
(
0
,
NULL
,
NULL
,
NULL
,
TRUE
);
?>
Unfortunately, at this time according to my tests no other browser has
adopted this rather handy feature, but with the continual increase of
XSS attacks, I am sure they'll adopt this concept soon.
For people using PHP 4 and PHP 5.1 you can add this flag yourself by
sending cookies manually via the header function and prefixing the
;httpOnly flag to the cookie as shown in the example below:
PHP:
<?
php
header
(
"Set-Cookie: hidden=value; httpOnly"
);
?>
相关文档:
PHP多用户在线客服系统,后台有代码镶嵌到你的系统中,不过这个是英文的,感觉很实用,简洁,方便,需要的可以自己汉化,不就是改里面的一些提示信息嘛,地址是:http://mibew.org/
,这个是开源的,支持多用户同时在线联系客服,客服后台及时性很强,只要用户点击在线客服,后台就有提示,而且可以查看聊天记录,很多实用 ......
Apache官方下载地址:apache_2.0.55-win32-x86-no_ssl.msi,更多版本在这里;
php官方下载地址:php-5.0.5-Win32.zip,更多镜像下载地址,更多版本下载;
mysql官方下载地址:mysql-4.1.14-win32.zip,更多镜像下载地址,更多版本下载。
Apache的配置:
我一开始怎么搞都不好,我上网找,有的说是iis的问题,有的说是 ......
现在主流的网站开发语言无外乎asp、php、asp.net、jsp等。
网页从开始简单的hmtl到复杂的服务语言,走过了10多个年头,各种技术层出不穷,单个的主流技术也在不断翻新的版本,现在分析下各种语言的区别、优势、劣势、开发注意事项!
HTML:当然这是网页最基本的语言,每一个服务器语言都需要它的支持,要学习,这个肯定是开 ......
# 安装tidy
yum install tidy libtidy-devel
# 给php添加tidy模块
wget http://pecl.php.net/get/tidy-1.2.tgz
tar -xvzf tidy-1.2.tgz
cd tidy-1.2
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --libdir=/usr/lib64
make
make install
echo "extension="tidy.so"" ......
作者:Ekerete
翻译:Emeric Li (http://lee.kometo.com/index.php/archives/117
)
原文:http://www.avnetlabs.com/php/php ... r-vs-zend-framework
我们计划从头开始一个新项目,为此评估了一些PHP框架。我们的备选列表有CakePHP , CodeIgniter , Symfony和Zend 。 我们分别使用这4种框架编写了一个相同的小应用( ......