mirror of
https://github.com/php/php-src.git
synced 2024-09-23 10:57:26 +00:00
c5f9a231d5
Up until now the session cookie used "HttpOnly" to indicate cookies only available through HTTP while setcookie() used "httponly". The relevant RFC 6265 claims that case does not matter for this token, but only explicitely mentions "HttpOnly". Thus this seems like a logical choice when streamlining the code. Also the setcookie implementation now uses the same string constants as the session extension for other tokens like Max-Age or the domain attribute. This change poses a slight risk of backwards incompatibility in places where people deliberately ignore chapter 5.2.5 of RFC 6265 and perform case-sensitive checks for the HttpOnly attribute. |
||
---|---|---|
.. | ||
tests | ||
config.m4 | ||
config.w32 | ||
CREDITS | ||
mod_files.bat | ||
mod_files.c | ||
mod_files.h | ||
mod_files.sh | ||
mod_mm.c | ||
mod_mm.h | ||
mod_user_class.c | ||
mod_user.c | ||
mod_user.h | ||
package.xml | ||
php_session.h | ||
session.c |