
I am converting the array into a cookie with the PHP serialize function.

```php
$PromoteProductArray = array("PromoteuserId"=>$PromoteuserId,
"PromoteProductId"=>$PromoteProductId,
"PromoteBrandId"=>$PromoteBrandId);

$Promotedcart[] = $PromoteProductArray;

setcookie("Promotedcart", serialize($Promotedcart), time()+604800,'/');
```

And when the cookie is created, I am using the unserialize PHP function.

```php
print_r(unserialize($_COOKIE['Promotedcart']));
```

It does not work.

When I print_r($_COOKIE), it shows me the value.

footy
Amit
  • Test data can be very helpful, can you post a sample? – varela Sep 14 '11 at 10:02
  • [See this StackOverflow question](http://stackoverflow.com/questions/9032007/arrays-in-cookies-php) for a better answer. – Vera de Kok May 03 '13 at 14:18
  • Please do not use `unserialize` on user-submitted data. This is easily exploitable with object injection using PHP's __wakeup and __destruct methods. You can use `json_encode/json_decode` instead of `serialize/unserialize`. https://www.owasp.org/index.php/PHP_Object_Injection – Quinn Comendant May 02 '14 at 23:53

2 Answers

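You can use the json_encode and json_decode functions to achieve this as an alternative.

```php
$PromoteProductArray = array("PromoteuserId"=>$PromoteuserId,
"PromoteProductId"=>$PromoteProductId,
"PromoteBrandId"=>$PromoteBrandId);
$Promotedcart[] = $PromoteProductArray;
// Store the cart as JSON instead of a serialized PHP string.
setcookie("Promotedcart", json_encode($Promotedcart), time()+604800,'/');

// $_COOKIE is only populated on a later request, once the browser sends the cookie back.
if (isset($_COOKIE['Promotedcart'])) {
    // The second argument (true) returns plain associative arrays.
    $result = json_decode($_COOKIE['Promotedcart'], true);
    print_r($result);
}
```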

Give it a try, this should work.

Rahul

Cookies are separated by semicolons. Serialized strings with arrays contain them. Maybe this is the problem. You can use base64 to avoid all possible escape issues.

varela
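An added example, not code from any of the posts above, that combines both answers with the comment about `unserialize`: the cart is stored as base64-encoded JSON, and the decoder rejects anything that is not a list of arrays with the three expected keys. The function names, the integer-ID requirement, and the HMAC signing step with a server-side `$secret` are assumptions that do not appear on the page.

```php
<?php
// Added example; encodeCart/decodeCart and the key below are hypothetical names.
const CART_KEYS = ['PromoteuserId', 'PromoteProductId', 'PromoteBrandId'];

function encodeCart(array $cart, string $secret): string
{
    // base64 keeps ';', ',' and quotes out of the cookie value.
    $payload = base64_encode(json_encode($cart, JSON_THROW_ON_ERROR));
    // The HMAC lets the server detect client-side modification.
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

function decodeCart(string $cookie, string $secret): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison, done before the payload is parsed at all.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $cart = $json === false ? null : json_decode($json, true, 4);
    if (!is_array($cart)) {
        return null;
    }
    foreach ($cart as $item) {
        // Every entry must have exactly the expected keys, with integer values.
        if (!is_array($item) || array_keys($item) !== CART_KEYS
            || array_filter($item, 'is_int') !== $item) {
            return null;
        }
    }
    return array_values($cart);
}

// Constructed sample data and a placeholder key.
$secret = 'replace-with-a-random-server-side-key';
$cookie = encodeCart([['PromoteuserId' => 7, 'PromoteProductId' => 42, 'PromoteBrandId' => 3]], $secret);
var_dump(decodeCart($cookie, $secret) !== null);            // valid cookie
var_dump(decodeCart('x' . $cookie, $secret));                // tampered payload
var_dump(decodeCart('a:1:{i:0;O:3:"Foo":0:{}}', $secret));   // serialized object string
```

The string returned by `encodeCart` is what goes into `setcookie("Promotedcart", ...)`, and `decodeCart($_COOKIE['Promotedcart'], $secret)` reads it back on a later request.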