每日一题（13）

3. Under normal circumstances—and ignoring any browser bugs—how can a cookie be accessed from a domain other than the one it was set for?

A. By consulting the HTTP_REMOTE_COOKIE header

B. It cannot be done

C. By setting a different domain when calling setcookie()

D. By sending an additional request to the browser

E. By using Javascrīpt to send the cookie as part of the URL

Answer:

Answer B is correct. Browsers simply do not allow an HTTP transaction that takes place on one domain to set cookies for another domain. Doing otherwise would present clear security implications: for example, a malicious page on one domain could overwrite your session ID for another domain and force you to use another session to which a third party has access without your knowledge.

4. How can the index.php scrīpt access the email form element of the following HTML form? (Choose 2)

<form action="index.php" method="post">

<input type="text" name="email"/> </form>

A. $_GET['email']

B. $_POST['email']

C. $_SESSION['text’]

D. $_REQUEST['email']

E. $_POST['text']

Answer:

Since the form’s method is post, the scrīpt will only be able to read the value through the $_POST and $_REQUEST superglobal arrays. The element’s name (email) is used as the key for the value in the array and, therefore, Answers B and D are correct. Note that, although perfectly valid from a logical perspective, the use of $_REQUEST should be discouraged because of potential security implications.