#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    30
    Rep Power
    2

    + characters are removed from cookie value while reteriving in PHP


    Hi All,

    I am facing this issue.. I am trying to retrieve cookie value using
    Following code

    $A1Cookie = $_COOKIE['A1'];

    While original value of A1 cookie is

    A1=Dp85vkRtkq5/sPN8UxJAUZXKk99KU5DWDWCDx43pbvLFMuG7tI3V+hKYb4BtOvBiaknZ7OHQB1TojxEgIug1yO7otbuhlmUHKmxImN52tsnddFsr pXIPIL7bliyHLZduagx+I+7LJdy+sJyd8krVNaUZql+KLNLpPeA+kOoXPw+j8Xu7wK9QLiM2X/1ky30R


    I am getting $A1Cookie as


    Dp85vkRtkq5/sPN8UxJAUZXKk99KU5DWDWCDx43pbvLFMuG7tI3V hKYb4BtOvBiaknZ7OHQB1TojxEgIug1yO7otbuhlmUHKmxImN52tsnddFsrpXIPIL7bliyHLZduagx I 7LJdy sJyd8krVNaUZql KLNLpPeA kOoXPw j8Xu7wK9QLiM2X/1ky30R


    When i compare both , it seems all "+" chars are replaced by spaces " ".

    Anybody have an idea , how can i retrieve correct cookie value , why + signs are replaced with spaces ?


    Thanks
    Amit
  2. #2
  3. No Profile Picture
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    Cookies are stored with URL encoding, in which case the + sign represents spaces. So when PHP brings the cookie value in, it decodes it. Thus the + signs are replaced with spaces.
    LinkedIn: Dave Mittner
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Posts
    30
    Rep Power
    2
    Originally Posted by dmittner
    Cookies are stored with URL encoding, in which case the + sign represents spaces. So when PHP brings the cookie value in, it decodes it. Thus the + signs are replaced with spaces.
    Is url encoding is same as base 64 encoding , and php gives us base 64 decoded cookie value ?
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    101
    Rep Power
    27
    No, URL encoding is not base64 encoding. The mechanism that populates $_COOKIE seems to assume that the value must be URL encoded, and although there is a function setrawcookie() to set a cookie without URL-encoding its value, there is curiously no corresponding function to get the raw value. But you can get it by parsing $_SERVER['HTTP_COOKIE'].
  8. #5
  9. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    If you badly need this random-seeming string in a cookie, base64_encode it FIRST, the 64 characters in the hash are all encoding-safe.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  10. #6
  11. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,237
    Rep Power
    9400
    Originally Posted by ManiacDan
    If you badly need this random-seeming string in a cookie, base64_encode it FIRST, the 64 characters in the hash are all encoding-safe.
    (coughlettersnumbersplussignandslash)
  12. #7
  13. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    Originally Posted by requinix
    (coughlettersnumbersplussignandslash)
    Huh, you're right. What was I thinking of?
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    101
    Rep Power
    27
    Those characters would never have appeared in the cookie value if the cookie was created with setcookie(). So OP isn't trying to figure out how to encode properly, rather I think that either the cookie wasn't set by their PHP code, or it was set with setrawcookie(). I think it'd odd that we have setrawcookie() but no way to get back the raw value without having to manually parse the cookies string from $_SERVER. Seems like an oversight.
  16. #9
  17. No Profile Picture
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    Originally Posted by mod_speling
    Those characters would never have appeared in the cookie value if the cookie was created with setcookie(). So OP isn't trying to figure out how to encode properly, rather I think that either the cookie wasn't set by their PHP code, or it was set with setrawcookie(). I think it'd odd that we have setrawcookie() but no way to get back the raw value without having to manually parse the cookies string from $_SERVER. Seems like an oversight.
    Certain characters HAVE to be encoded so not to break the cookie syntax, and it looks like URL encoding has become the defacto standard way of handling it.

    So I'm of two minds on it. Consistency would dictate that if you have to have a setrawcookie() to, arguably, work with systems that parse them through some obscure custom process, you should have an equivalent way to get the raw value. But at the same time the PHP developers might not want to promote nonstandard practices by openly embracing raw values.

    /shrugs

    But at least we all understand cookies a bit better now...
    LinkedIn: Dave Mittner

IMN logo majestic logo threadwatch logo seochat tools logo