Newsgroups: php.internals
From: f.bosch@genkgo.nl (Frederik Bosch | Genkgo)
To: "internals@lists.php.net"
Subject: Re: [PHP-DEV] [RFC] samesite cookie implementation
Date: Mon, 24 Jul 2017 10:52:23 +0200
Message-ID: <7a1f1617-5864-ad7c-f439-3c9f87cacfd1@genkgo.nl>

LS,

Because of the valid arguments about set(raw)cookie and session_set_cookie_params becoming lengthy functions, I reconsidered the proposal. It now consists of two possibilities. One is to add samesite as an argument and the second one is to have these functions accept an array of options. One can read the changes in the proposal: https://wiki.php.net/rfc/same-site-cookie.

When both solutions are rejected, the floor will be completely open for the proposal of http_cookie_set/remove, since we will then have investigated all the possible solutions to the current set of functions.

Best,
Frederik

On 20-07-17 10:10, Frederik Bosch | Genkgo wrote:
>
> LS,
>
> All concerns that have been put forward are updated in the RFC
> document. See https://wiki.php.net/rfc/same-site-cookie. I am going to
> start the voting on August 1, 2017. Exactly two weeks after I posted
> the RFC on the internals list. If new concerns are put forward in the
> meantime, I will of course update the RFC.
>
> Best,
> Frederik
>
> On 19-07-17 17:06, Andrey Andreev wrote:
>> Hi,
>>
>> Not realizing I was looking at EOL dates, I (unintentionally) provided
>> some wrong info yesterday:
>>
>> On Tue, Jul 18, 2017 at 5:13 PM, Andrey Andreev wrote:
>>> - HttpOnly was released with PHP 5.2.0 in January 2011 - just 3 months prior
>>> to IETF RFC 6265 (April 2011) becoming a standards track.
>> PHP 5.2 was of course released way back, in 2006. My apologies for that.
>>
>> Cheers,
>> Andrey.
>
> --
> Frederik Bosch
> Partner
> Mail: f.bosch@genkgo.nl
> Web: support.genkgo.com
>
> Entrada 123
> Amsterdam
> +31 208 943 931
>
> Genkgo B.V. is registered with the Chamber of Commerce under number 56501153