8000 [HttpFoundation] don't prefix cookies with "Set-Cookie:" · symfony/symfony@a4db20f · GitHub
[go: up one dir, main page]

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit a4db20f

Browse files
pableunicolas-grekas
authored andcommitted
[HttpFoundation] don't prefix cookies with "Set-Cookie:"
See #25393
1 parent ecf54d5 commit a4db20f

File tree

3 files changed

+38
-1
lines changed

3 files changed

+38
-1
lines changed

src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,7 @@ public function destroy($sessionId)
156156
if ($sessionCookieFound) {
157157
header_remove('Set-Cookie');
158158
foreach ($otherCookies as $h) {
159-
header('Set-Cookie:'.$h, false);
159+
header($h, false);
160160
}
161161
} else {
162162
setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
open
2+
validateId
3+
read
4+
doRead: abc|i:123;
5+
read
6+
updateTimestamp
7+
close
8+
open
9+
validateId
10+
read
11+
doRead: abc|i:123;
12+
read
13+
14+
write
15+
destroy
16+
doDestroy
17+
close
18+
Array
19+
(
20+
[0] => Content-Type: text/plain; charset=utf-8
21+
[1] => Cache-Control: max-age=10800, private, must-revalidate
22+
[2] => Set-Cookie: abc=def
23+
)
24+
shutdown
Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
<?php
2+
3+
require __DIR__.'/common.inc';
4+
5+
setcookie('abc', 'def');
6+
7+
session_set_save_handler(new TestSessionHandler('abc|i:123;'), false);
8+
session_start();
9+
session_write_close();
10+
session_start();
11+
12+
$_SESSION['abc'] = 234;
13+
unset($_SESSION['abc']);

0 commit comments

Comments
 (0)
0