Cookie names starting _# and _clean_input_keys() / Disallowed Key Characters.

[eluser]TomB3[/eluser]
Hi there,

I am experimenting with CodeIgniter for use within a front end website. I am impressed with it generally but have noticed what seems to be an annoying and show stopping behaviour.

The website under development in this project uses extensive tracking services including Google Analytics, Web Stat and DC Storm. One of these services drops cookies with names starting _# including:

_#slid
_#vdf
_#srchist
_#uid
_#sess

Looking in my Firefox cookies manager I can see loads of other websites which have dropped the same collection of cookies.

These cookies trigger _clean_input_keys($str) within Input.php to die with error "Disallowed Key Characters."

Is anyone aware of a fix/workaround to this behaviour? Is the _# in the cookie name really illegal?

Thanks

[eluser]WanWizard[/eluser]
Extend the Input library, and create your own version of the _clean_input_keys() method to allow the #.

[eluser]TomB3[/eluser]
Hi WanWizard,

Yes I could do that, but I feel this partially defeats the point of using a framework?! ..and I would be interested to know why a # in a cookie name is considered invalid.

[eluser]TomB3[/eluser]
For the moment I have changed line 217 of Input.php from:

Code:

if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))

to:

Code:

if ( ! preg_match("/^([a-z0-9:_\/-]|[#])+$/i", $str))

and on line 219 from:

Code:

exit('Disallowed Key Characters.');

to:

Code:

exit('Disallowed Key Characters: '. $str);

to help troubleshooting.

If anyone has any better ideas or any further comments I would most appreciate it.

Thanks