Skip to content

Y
yii2
Commit fd55679c by Qiang Xue
Options

Fixes #5266

parent 67e2754e
Showing with 3 additions and 2 deletions
docs/guide/runtime-sessions-cookies.md
...@@ -304,8 +304,9 @@ on the client side. This is achieved by signing each cookie with a hash string, ...@@ -304,8 +304,9 @@ on the client side. This is achieved by signing each cookie with a hash string,
tell if a cookie is modified on the client side or not. If so, the cookie will NOT be accessible through the tell if a cookie is modified on the client side or not. If so, the cookie will NOT be accessible through the
[[yii\web\Request::cookies|cookie collection]] of the `request` component. [[yii\web\Request::cookies|cookie collection]] of the `request` component.
> Info: If a cookie fails the validation, you may still access it through `$_COOKIE`. This is because third-party > Note: Cookie validation only protects cookie values from being modified. If a cookie fails the validation,
libraries may manipulate cookies in their own way, which does not involve cookie validation. you may still access it through `$_COOKIE`. This is because third-party libraries may manipulate cookies
in their own way, which does not involve cookie validation.
Cookie validation is enabled by default. You can disable it by setting the [[yii\web\Request::enableCookieValidation]] Cookie validation is enabled by default. You can disable it by setting the [[yii\web\Request::enableCookieValidation]]
property to be false, although we strongly recommend you do not do so. property to be false, although we strongly recommend you do not do so.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment