Open Vadorequest opened 11 years ago
It's not problem to change, but it will break backward compability since there are many cookies created using #. Is there any way to allow # in CI? Or I may make it optional/changable.
In fact, the "#" is forbidden for security reason, it can be changed in CI config but perhaps break the CI security, I don't know why it's forbidden but if it's then I think it's useful.
Hi,
With CodeIgniter PHP framework I've found a bug there is 6 months.
When you use '#' in the COOKIE name, it's bug.
So I've used '-' and update your source code and send you an email.
I use the 2.2.1 but you use again '#', so can you fix this ? (I fix this in my local version)
Change line 1178, perhaps somewhere else too, I've forgot ^^ function: _generateCookieKeyPrefix
PS: It's because CI protect COOKIES attack by content, and the '#' is forbidden.