[DOCS] When setting cookie params, 'httponly' works, while 'httpOnly' #2148

Closed
queirozfcom opened this Issue Feb 26, 2013 · 12 comments

@queirozfcom

On http://www.yiiframework.com/doc/api/1.1/CHttpCookie documentation page, it says 'httpOnly' but you have to do 'httponly' for it to work actually. (I'm on v 1.1.13). We should either change the code to match the docs or the docs to match the code.

Member
mdomba commented Feb 26, 2013

Please give more information on how you use this and what is not working for you.

Currently in the code the Yii property is httpOnly

https://github.com/yiisoft/yii/blob/1.1.13/framework/web/CHttpCookie.php#L50
https://github.com/yiisoft/yii/blob/1.1.13/framework/web/CHttpRequest.php#L1175

Owner
samdark commented Feb 26, 2013

I guess it's about CHttpSession.setCookieParams.

Member
mdomba commented Feb 26, 2013

setCookieParams() does not use that Yii property...

it calls the PHP function session_get_cookie_params() that in turn uses httponly

Owner
samdark commented Feb 26, 2013

Yes. Still it's a notable difference that can be either documented or fixed.

Member
mdomba commented Feb 26, 2013

We can add more documentation but I don't see really a problem here... the CHttpCookie object has a parameter httpOnly...

setCookieParams() does not accept that object and has nothing to do with it... it accepts an array.. maybe we can just explain what is expected here... in any case in the documentation there is a link under the "see also" - http://www.yiiframework.com/doc/api/1.1/CHttpSession#setCookieParams-detail

But still @queirozfcom did not explain if that is what he meant...

Contributor

It looks like the naming of the CHttpCookie param httpOnly caused confusion (as the param for PHP's setcookie is named httponly).

But it doesn't look like it's an issue with the code.

@samdark is correct, I'm using cookieParams

this is what I mean:

    'session' => [
        'sessionName' => 'company_ID',
        'cookieParams' => [
            'httponly' => true // no camel case
        ]
    ],

maybe a little bit counter-intuitive but I agree it's not Yii's fault at all.

Contributor
acorncom commented Mar 5, 2013

@queirozfcom so should this issue be closed?

@acorncom sure, my bad

@queirozfcom queirozfcom closed this Mar 5, 2013

fmunozs commented Mar 11, 2013

I think the documentation should still include 'httponly' in the valid keys section here: http://www.yiiframework.com/doc/api/1.1/CHttpSession#setCookieParams-detail

I've seen some people using 'httpOnly' with the session array: http://www.yiiframework.com/forum/index.php/topic/12849-chttpcookie-httponly/

@cebe cebe reopened this Mar 11, 2013

Contributor

Ouch, that extract difference is a bit painful. What about doing something like this?

    extract($value);
    if(isset($httponly) || isset($httpOnly)) { // changed
        $httponly = (isset($httponly)) ? $httponly : $httpOnly; // added

@cebe Thoughts? Happy to send in a pull request if that looks good to you guys.
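
The case sensitivity behind the extract() difference discussed in this thread, as an added example that is not part of any comment here and is not Yii's code: `mergeWithExtract` mimics the extract()-based merge quoted above, and `mergeNormalized` is one hypothetical way to accept either spelling while rejecting unknown keys. The function names and the default values are assumptions constructed for illustration.

```php
<?php
// Added example, not Yii's code. Function names are hypothetical.

// Keys PHP itself returns from session_get_cookie_params() (all lowercase).
const COOKIE_PARAM_KEYS = ['lifetime', 'path', 'domain', 'secure', 'httponly'];

// Mimics an extract()-based merge. PHP variable names are case-sensitive,
// so a 'httpOnly' key creates $httpOnly and leaves $httponly at its default.
function mergeWithExtract(array $defaults, array $value): array
{
    extract($defaults);
    extract($value);
    return compact('lifetime', 'path', 'domain', 'secure', 'httponly');
}

// Defensive variant: match keys case-insensitively and fail loudly on
// anything unrecognised instead of silently dropping a security flag.
function mergeNormalized(array $defaults, array $value): array
{
    $merged = $defaults;
    foreach ($value as $key => $v) {
        $lower = strtolower((string) $key);
        if (!in_array($lower, COOKIE_PARAM_KEYS, true)) {
            throw new InvalidArgumentException("Unknown cookie param: $key");
        }
        $merged[$lower] = $v;
    }
    return $merged;
}

// Constructed defaults, shaped like session_get_cookie_params() output.
$defaults = [
    'lifetime' => 0, 'path' => '/', 'domain' => '',
    'secure' => false, 'httponly' => false,
];

// Compare the resulting 'httponly' value for each spelling and merge style.
$cases = [
    'extract, httpOnly'    => mergeWithExtract($defaults, ['httpOnly' => true]),
    'extract, httponly'    => mergeWithExtract($defaults, ['httponly' => true]),
    'normalized, httpOnly' => mergeNormalized($defaults, ['httpOnly' => true]),
];
foreach ($cases as $label => $params) {
    printf("%-22s httponly=%s\n", $label, var_export($params['httponly'], true));
}
```

On a running application, the effective setting can be confirmed by checking that the session cookie's Set-Cookie response header carries the HttpOnly attribute.
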

Owner
cebe commented Mar 12, 2013

> I think the documentation should still include 'httponly' in the valid keys section here: http://www.yiiframework.com/doc/api/1.1/CHttpSession#setCookieParams-detail

I think it should be changed in the docs and a note should warn users about the lower and camel case issue.

@samdark samdark added a commit that closed this issue Apr 28, 2013
@samdark samdark Fixes #2148 c9dea60
@samdark samdark closed this in c9dea60 Apr 28, 2013