PHP100 » PHP教程 » Send a cookie without urlencoding the cookie value

PHP setrawcookie Send a cookie without urlencoding the cookie value


(PHP 5)

setrawcookieSend a cookie without urlencoding the cookie value


bool setrawcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )

setrawcookie() is exactly the same as setcookie() except that the cookie value will not be automatically urlencoded when sent to the browser.


For parameter information, see the setcookie() documentation.


成功时返回 TRUE, 或者在失败时返回 FALSE.


版本 说明
5.2.0 The httponly parameter was added.


PHP setrawcookie note #1

You really shouldn't use (un)serialize with cookies. An evil user could inject ANY code in your script.

PHP setrawcookie note #2

After having several problems with this cookie thing, I'm using base64_encode on the data I put into a cookie, so I can avoid problems, I had before. I tried to set up cookie with data created by serialize() from a PHP array, but it did not work to be able to get it back, after I modified it to use value of base64_encode(serialize(...)) to set up the cookie, and unserialize(base64_decode(..)) to get back the value, everything started to work.

PHP setrawcookie note #3

For PHP 4 systems you can use...
('Set-Cookie: name=value');

... but it seems to be difficult to obtain the results without PHP's automatic URL decoding :o(

PHP setrawcookie note #4

setrawcookie() isn't entirely 'raw'. It will check the value for invalid characters, and then disallow the cookie if there are any. These are the invalid characters to keep in mind: ',;<space> 13 14'.

Note that comma, space and tab are three of the invalid characters. IE, Firefox and Opera work fine with these characters, and PHP reads cookies containing them fine as well. However, if you want to use these characters in cookies that you set from php, you need to use header().

PHP setrawcookie note #5

Firefox is following the real spec and does not decode '+' to fact it further encodes them to '%2B' to store the cookie.  If you read a cookie using javascript and unescape it, all your spaces will be turned to '+'.
To fix this problem, use setrawcookie and rawurlencode:

('cookie_name', rawurlencode($value), time()+60*60*24*365);

The only change is that spaces will be encoded to '%20' instead of '+' and will now decode properly.