当前位置:网站首页>Analysis of the problem that the cookie value in PHP contains a plus sign (+) and becomes a space

Analysis of the problem that the cookie value in PHP contains a plus sign (+) and becomes a space

2022-07-05 22:11:00 Selfish thoughts

background

Recently, I found some user feedback , Can't get login information , So it was analyzed

analysis

Our login information is encrypted and stored in cookie Medium , Check this user's cookie The encrypted information contains   plus “+” , however php $_COOKIE At the time of acquisition , It becomes a space , So decryption failed

Analyze the information in the request header and find , The value passed by the request is “+” Of , however :

such as cookie Stored in the   “cWEolyrQ0l63FG+YWHA”  ,$_COOKIE Get the displayed   “cWEolyrQ0l63FG YWHA”  , One more space

So I looked for information

Find the following introduction :

notes : Sending cookie when ,setcookie The value of will be automatically URL code . When received... Will be done URL decode . If you don't have to , have access to  setrawcookie()  Instead of .

notes :setrawcookie() And  setcookie()  almost the same , The difference is that it will not be sent to the client , Yes cookie Value automatically URL code . Use setrawcookie, Values within these characters cannot be used :(; \ t \ r \ n \ 013 \ 014)

Look at this introduction , I think after taking it out urldecode Just a moment 

urldecode($_COOKIE['user_id'])

Actually, it doesn't work , So try   urlencode , I found it successful , But if cookie There are other special characters in such as "/" , Not anymore. 

urlencode($_COOKIE['user_id'])

So this scheme , Can't solve the problem

Solution

We analyzed the request header above cookie Is a full , So we can try to get from the request header cookie

<?php

// getallheaders  yes  apache Supported functions ,nginx You need to define yourself 
if (!function_exists('getallheaders')) {
    function getallheaders()
    {
        foreach ($_SERVER as $name => $value) {
            if (substr($name, 0, 5) == 'HTTP_') {
                $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
            }
        }
        return $headers;
    }
}

$cookieStr = getallheaders()['Cookie'];
$cookies = explode(';',$cookieStr);
foreach($cookies as $cookie)
{
    $cookieTmp = explode('=',$cookie);
    $_COOKIE[trim($cookieTmp[0])] = trim($cookieTmp[1]);
}

Other solutions

  1. Yes cookie The value of the to base64_encode(), When you use it base64_decode()

Reference resources

PHP setrawcookie() function

PHP setcookie() function

php in cookie The value of contains a plus sign (+) Get the problem analysis that becomes a space _php_PHP Interview network

 

原网站

版权声明
本文为[Selfish thoughts]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/02/202202140451083445.html

边栏推荐

猜你喜欢

随机推荐