开发者

PHP Cookie is getting lost

I'm having this weird problem where my cookies are getting lost in a weird way. I'm on wordpress, and it seems to hold the value fine while I click through pages开发者_Python百科, but when I insert a post on a page it loses the cookie.

The weirdest part is that it doesn't loose it the first time, but if I create two posts in a row, then it will loose it.

I've read a lot about refreshes, I took them all out, and it still does it. I also read about wordpress not liking cookies that don't have a domain specified, so my cookies look like this:

setcookie("auth", $cyph, time()+60*60*24*60, '/', '.domain.com');

where $cyph is a serialized array ( base64_encode(serialize($cyph)); ). Like I said, it holds the value fine until I interact in some way with wordpress.

Any ideas?


where $cyph is a serialized array ( base64_encode(serialize($cyph)); )

Yikes!

Never expose serialized data to end-users. Please reference this PDF presentation by PHP security expert Stefen Esser, starting on page 28. It is possible to manipulate serialized data in such a way that a poorly-designed class can allow for arbitrary code execution amongst other things.

It looks like you're trying to store an authentication token. Please store an appropriate hash instead.


With regard to the actual cookie setting program, what browser are you using? Modern browsers have the ability to inspect the HTTP headers for requests and responses using their developer tools. Using one of these tools, it should be easy to see if the cookie is being set properly. If you use Firefox, install Firebug. If you use Chrome, use the Wrench menu => Tools => Developer Tools.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜