Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:100021
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Message-ID: <48.C0.18680.F6AE4795@pb1.pair.com>
To: internals@lists.php.net
References: <64.32.02884.7983D695@pb1.pair.com>
 <CAPhkiZy1Xo4mj758mtjcMGnX2PV0VsiHa9uN_Ka=1xiiXAx7Mg@mail.gmail.com>
 <86.8B.02884.8D93E695@pb1.pair.com>
 <CAPhkiZyuo+TtNNAd15hhQw07sA2QXaOD7xkHQ1Up7a3jT+FOsQ@mail.gmail.com>
Date: Sun, 23 Jul 2017 20:26:52 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:45.0)
 Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CAPhkiZyuo+TtNNAd15hhQw07sA2QXaOD7xkHQ1Up7a3jT+FOsQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] http_cookie_set and http_cookie_remove
From: gmblar@gmail.com (Andreas Treichel)

Hello Andrey,

> That's what I was afraid of, and what I suggested be changed.
>
> If we had a similar, array-of-attributes API that did NOT ignore or
> trigger warnings for unknown attributes, everybody using PHP would've
> been able to use SameSite already.

I think it is necessary to trigger a notice or warning for unknown 
options for troubleshooting.


> On another note, I'd also move the 'expire' option to a separate
> parameter and remove $options to $attributes.
>
> 'expire' is not a known cookie attribute; PHP uses it to calculate the
> Expires and Max-Age attributes ...

The "attribute" expires (not expire) existing in the header Set-Cookie.


> I liked your proposal, because it's a chance to have a shiny new API
 > that doesn't come with all the legacy stuff already built into
 > setcookie().

I hope to meet your expectations.


> But if we want an array-based setcookie() alternative without changing
> anything else, we can just change setcookie() to accept arrays.

No this is just the only the first step for additional extensions.