Invalid character in cookie name beyond what is listed in the error message

I am getting the error:

Cookie names cannot contain any of the following '=,; \t\r\n\013\014'

However, I have PHP code to replace these characters before calling setcookie:

$notallowed = array('"', '=', ',', ';', ' ', '\t', '\r', '\n', '\013', '\014', "");
// clean cookie names of potential invalid characters
$name = str_replace($notallowed, "_", $name);    

setcookie($name, $value, $expire, $path, $domain, $secure);

It seems that setcookie chokes on other characters as well.

When I test the contents of $name using the code below, I get the following:

for ($pos = 0; $pos < strlen($name); $pos++) {
    // ord() returns the value of the first byte of the substring starting at $pos
    $byte = substr($name, $pos);
    echo 'Byte ' . $pos . ' of $name has value ' . ord($byte) . "<br>";
}

Byte 0 of $name has value 115 
Byte 1 of $name has value 45 
Byte 2 of $name has value 103 
Byte 3 of $name has value 50 
Byte 4 of $name has value 49 
Byte 5 of $name has value 56 
Byte 6 of $name has value 49 
Byte 7 of $name has value 13 
Byte 8 of $name has value 181 
Byte 9 of $name has value 219 
Byte 10 of $name has value 93 
Byte 11 of $name has value 118 
Byte 12 of $name has value 215 
Byte 13 of $name has value 93 
Byte 14 of $name has value 181 
Byte 15 of $name has value 219 
Byte 16 of $name has value 93 
Byte 17 of $name has value 181 

Can you help me add to my code to filter out invalid characters in the name? Thanks.



Your special character escape values are not double-quoted, so they are treated as literal strings, i.e. '\t' vs "\t".

You might want to consider using a regex to replace as @mynd mentioned:

$name = "Hi this \n is a cookie; name";

$name = preg_replace('/[^a-z0-9]/i', '_', $name);

echo $name; //Hi_this___is_a_cookie__name
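
Added example (not part of the original answer): it rebuilds the name from the byte dump in the question, compares the single-quoted escape list with a double-quoted one against the CR byte (13), and then applies an allowlist of RFC 6265 token characters instead of a denylist. `hasControlByte()` and `sanitizeCookieName()` are hypothetical helper names chosen for this illustration.

```php
<?php
// Added example: helper names are hypothetical, not from the original post.

// Cookie name rebuilt from the byte dump in the question
// (contains CR = 13 and several bytes above 127).
$bytes = [115, 45, 103, 50, 49, 56, 49, 13, 181, 219, 93, 118, 215, 93, 181, 219, 93, 181];
$name  = implode('', array_map('chr', $bytes));

// Single-quoted: '\r' is the two characters backslash + r, so a real CR never matches.
$single = ['"', '=', ',', ';', ' ', '\t', '\r', '\n', '\013', '\014'];
// Double-quoted: the escapes become the actual control bytes that setcookie() rejects.
$double = ['"', '=', ',', ';', ' ', "\t", "\r", "\n", "\013", "\014"];

// True when any ASCII control byte (0x00-0x1F or 0x7F) is still present.
function hasControlByte(string $s): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $s) === 1;
}

// Allowlist: keep only RFC 6265 "token" characters and map every other byte,
// including control bytes and bytes above 127, to "_".
function sanitizeCookieName(string $name): string
{
    $clean = preg_replace('/[^A-Za-z0-9!#$%&\'*+\-.^_`|~]/', '_', $name);
    if ($clean === null || $clean === '') {
        throw new InvalidArgumentException('Cookie name is empty or could not be sanitized');
    }
    return $clean;
}

// Denylist with single-quoted escapes, then with double-quoted escapes.
var_dump(hasControlByte(str_replace($single, '_', $name)));
var_dump(hasControlByte(str_replace($double, '_', $name)));

// Allowlist result: safe to pass to setcookie() as the name.
$safe = sanitizeCookieName($name);
var_dump(hasControlByte($safe));
echo $safe, "\n";
```

Because two different raw names can sanitize to the same string, check for collisions if the cookie name is derived from user-supplied or binary data.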
