Commit fd55679c by Qiang Xue

Fixes #5266

parent 67e2754e
......@@ -304,8 +304,9 @@ on the client side. This is achieved by signing each cookie with a hash string,
tell if a cookie is modified on the client side or not. If so, the cookie will NOT be accessible through the
[[yii\web\Request::cookies|cookie collection]] of the `request` component.
> Info: If a cookie fails the validation, you may still access it through `$_COOKIE`. This is because third-party
libraries may manipulate cookies in their own way, which does not involve cookie validation.
> Note: Cookie validation only protects cookie values from being modified. If a cookie fails the validation,
you may still access it through `$_COOKIE`. This is because third-party libraries may manipulate cookies
in their own way, which does not involve cookie validation.
Cookie validation is enabled by default. You can disable it by setting the [[yii\web\Request::enableCookieValidation]]
property to be false, although we strongly recommend you do not do so.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment