I want to share one feature when setting COOKIE values, which is often overlooked by the web developers.
According to my experience as for research of the web application vulnerabilities for 2009-2011, this error occurred in 87% of the web applications that were written in PHP.
In order to reduce this rate, I have decided to write this article.

I will not even talk about httpOnly flag, though its use is very important and necessary.

Let’s look at the example of code:
header('Set-cookie: foo1=bar11');
ZimerMan 23 may 2014, 18:18