Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:100025 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 4315 invoked from network); 24 Jul 2017 08:00:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Jul 2017 08:00:56 -0000 Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.218.50 as permitted sender) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.218.50 mail-oi0-f50.google.com Received: from [209.85.218.50] ([209.85.218.50:33369] helo=mail-oi0-f50.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 13/A8-18680-639A5795 for ; Mon, 24 Jul 2017 04:00:55 -0400 Received: by mail-oi0-f50.google.com with SMTP id a9so17755616oih.0 for ; Mon, 24 Jul 2017 01:00:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pWquU2C0XI+7M/NsF1VHz0M0m4IWzvmV35cJwjwPOXs=; b=EftIctEHg1JyEFvdlfVgVKyCjUWB5liZWrbRJyBcnw6p/aKJkbZK35u1FhdOXbq0HP XZh99QoFvsqmxUSl38olavg3QVCv06BIMS+kbAh5HEEbMz3oPvolb2UX0uzeUchSVmM4 GSARjeUyjhfwnGewFBwRxdZCnwUATRHo4I8XE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pWquU2C0XI+7M/NsF1VHz0M0m4IWzvmV35cJwjwPOXs=; b=i21VdWG9bt+hmf6TgVahBuzk3gFCM8ZwyOnhy7xRhY9tyyuVVROGdbYg2EPOfR4QXe a8eNQ9ArtYr41hE4B64RaIkZfju9pLblZn5wg1u+rxR6+h9Dib+MExhGb7x1k0EtZ/Ap QSUOZ78u0bCg0nGhvaqR9bapteNWDnRAfmUZY1LGEEKeoPU1AgutaP4hNp24iutXKP7z fVg2eD9LToYrGjLbXcc+68c9CSIif26GK6wHinbBzvXWgAfWsJmxv6yaMGGk1g7z7XKa IGCB3/0WkyqtjUSzzAxjn3q8CXp69QjeaoW4zJ+uu45lOAfaz2gG4R2U1pZnFtyBZunE NlFg== X-Gm-Message-State: AIVw1123RnEtfYHBTV0YTYlwN9tAR5mZZNTU487GV+S2nFrHZIOakZDw 3OVscKW4PqYcqQYBEL0YV73cKCzeXIOY X-Received: by 10.202.92.3 with SMTP id q3mr7294334oib.206.1500883251952; Mon, 24 Jul 2017 01:00:51 -0700 (PDT) MIME-Version: 1.0 Received: by 10.182.181.103 with HTTP; Mon, 24 Jul 2017 01:00:51 -0700 (PDT) In-Reply-To: <48.C0.18680.F6AE4795@pb1.pair.com> References: <64.32.02884.7983D695@pb1.pair.com> <86.8B.02884.8D93E695@pb1.pair.com> <48.C0.18680.F6AE4795@pb1.pair.com> Date: Mon, 24 Jul 2017 11:00:51 +0300 Message-ID: To: Andreas Treichel Cc: "internals@lists.php.net" Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] http_cookie_set and http_cookie_remove From: narf@devilix.net (Andrey Andreev) Hello Andreas, On Sun, Jul 23, 2017 at 9:26 PM, Andreas Treichel wrote: > Hello Andrey, > >> That's what I was afraid of, and what I suggested be changed. >> >> If we had a similar, array-of-attributes API that did NOT ignore or >> trigger warnings for unknown attributes, everybody using PHP would've >> been able to use SameSite already. > > > I think it is necessary to trigger a notice or warning for unknown options > for troubleshooting. > I get that. However, that also means users have to wait for PHP internals to discuss and vote on RFCs for each possible new cookie attribute. Then wait for the release, and then the painfully slow adoption rates. And I'd also argue that the first thing one does while looking for cookie-related issues is inspecting the response HTTP headers anyway, so I don't think warnings would be that helpful. Plus, this isn't something that can behave in unexpected ways; cookie attributes have a clearly defined syntax. >> On another note, I'd also move the 'expire' option to a separate >> parameter and remove $options to $attributes. >> >> 'expire' is not a known cookie attribute; PHP uses it to calculate the >> Expires and Max-Age attributes ... > > > The "attribute" expires (not expire) existing in the header Set-Cookie. > That's what I said ... ? I was suggesting that the array keys be reserved for actual attributes, not arbitrary PHP options. >> I liked your proposal, because it's a chance to have a shiny new API > >> that doesn't come with all the legacy stuff already built into >> setcookie(). > > I hope to meet your expectations. > > >> But if we want an array-based setcookie() alternative without changing >> anything else, we can just change setcookie() to accept arrays. > > > No this is just the only the first step for additional extensions. > Care to elaborate? You're not really addressing the concerns I'm raising, and now it looks like you expect everybody to just trust you on this for the promise of unknown goods in the future ... I'm sorry to say this, as I want to help, but this is not a way to gather support. Cheers, Andrey.