Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102909
Return-Path: <mail@pmmaga.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 92538 invoked from network); 18 Jul 2018 21:00:45 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Jul 2018 21:00:45 -0000
Authentication-Results: pb1.pair.com header.from=mail@pmmaga.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=mail@pmmaga.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain pmmaga.net designates 149.210.149.73 as permitted sender)
X-PHP-List-Original-Sender: mail@pmmaga.net
X-Host-Fingerprint: 149.210.149.73 outbound2.mail.transip.nl  
Received: from [149.210.149.73] ([149.210.149.73:54248] helo=outbound2.mail.transip.nl)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id F8/83-37178-97AAF4B5 for <internals@lists.php.net>; Wed, 18 Jul 2018 17:00:43 -0400
Received: from submission4.mail.transip.nl (submission4.mail.transip.nl [149.210.149.124])
	by outbound2.mail.transip.nl (Postfix) with ESMTP id 41W8gV4ngzzZw7b
	for <internals@lists.php.net>; Wed, 18 Jul 2018 23:00:38 +0200 (CEST)
Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53])
	by submission4.mail.transip.nl (Postfix) with ESMTPA id 41W8gT0DTCznTVg
	for <internals@lists.php.net>; Wed, 18 Jul 2018 23:00:36 +0200 (CEST)
Received: by mail-wr1-f53.google.com with SMTP id j5-v6so5955925wrr.8
        for <internals@lists.php.net>; Wed, 18 Jul 2018 14:00:36 -0700 (PDT)
X-Gm-Message-State: AOUpUlERgHEF0fGJPPXCH6tSQOPiGuIq4yS6wKKvs45R9wDger0k0AoH
	5Iv67n5HjR95vGMMdFzk/36b18C8WGapoEBiO5w=
X-Google-Smtp-Source: AAOMgpf+GLaDB4S24WwTHOjWsWSizXSqS0Nao7YuApJqNp1uLsgmlq4IwvxDfCHSlfk2V3IwR0L5RAfCIERVb5uR3xM=
X-Received: by 2002:adf:9142:: with SMTP id j60-v6mr5347169wrj.180.1531947636149;
 Wed, 18 Jul 2018 14:00:36 -0700 (PDT)
MIME-Version: 1.0
References: <a4189866-23ea-4dc5-12a4-a7fbad8e5601@genkgo.nl>
 <1abd260d-ebc4-a062-3381-72485946e8bc@gmail.com> <a55b37e3-268c-f8ab-6545-6cf7a4f537f0@genkgo.nl>
In-Reply-To: <a55b37e3-268c-f8ab-6545-6cf7a4f537f0@genkgo.nl>
Date: Wed, 18 Jul 2018 22:00:27 +0100
X-Gmail-Original-Message-ID: <CAJd4=Ya67XaX3bwwQn20GUQqEvEVe8XEepRz9+of6h4t4fC_fg@mail.gmail.com>
Message-ID: <CAJd4=Ya67XaX3bwwQn20GUQqEvEVe8XEepRz9+of6h4t4fC_fg@mail.gmail.com>
To: f.bosch@genkgo.nl
Cc: smalyshev@gmail.com, PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000aad0e405714c5ab8"
X-Scanned-By: ClueGetter at submission4.mail.transip.nl
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 s=transip-a; d=pmmaga.net; t=1531947638; h=from:reply-to:subject:to:
 cc:references:in-reply-to:date:mime-version:content-type;
 bh=/+ih+cqdUj4Vu2KCIizy1jGNEF3owz8Zlism4u7zH3c=;
 b=Mnr6kjpoEDEKqTleG0PXdLKjTQIFQsSDFrP2hcwWKr7WR2MhMm8tvmP4YX3O8246NrjQB2
 TGnkqxNfGD80OUcEKcZu5X395oUOUZBfZhwp0wsd5BCwUvkXKQSgV274y4BiwkfWwS3EuJ
 RTGI2A5v0t0FsjwhC6glLseszssV/W+26HsB/YGkZIp61thIhhX+U7ASyVHXFT50jP20sk
 Ure75EhD4gI+rAfk0m9+QjkvDMl/S+tEyGWSy+xUIEmvGcAzj2yRAHdeomr48utRligAcu
 C35bxcOg3/yM77DYY4Ss21cPpP90v+5IKsELjDvGhXzb0+qHPhNpkJ5LOePlnA==
X-Report-Abuse-To: abuse@transip.nl
Subject: Re: [PHP-DEV] [VOTE] Same Site Cookie RFC
From: mail@pmmaga.net (=?UTF-8?Q?Pedro_Magalh=C3=A3es?=)

--000000000000aad0e405714c5ab8
Content-Type: text/plain; charset="UTF-8"

On 28-08-17 21:06, Stanislav Malyshev wrote:

> Something not clear to me on the second one - why lifetime/expiration is
> a separate parameter while all others are part of $options?


On Mon, Aug 28, 2017 at 8:53 PM Frederik Bosch <f.bosch@genkgo.nl> wrote:

> 1. The session_set_cookie_params function requires a lifetime parameter
> at the moment.
>
> 2. To enforce that lifetime stays required I did not want to make it
> required within the optional array. That would make that optional array
> not optional anymore, and even have a required key. I don't think that
> is a good idea.
>
> 3. To prevent that the array of options is different between the three
> functions (session_set_cookie_params, setcookie, setrawcookie), I chose
> to exclude lifetime from the array of options and include it in the list
> of arguments.
>
> Hence, I chose a consistent and logical API over the three functions
> together rather than having logical ones per function. Hope it makes sense.
>

Hi all,

This reasoning doesn't make a lot of sense to me.
With regards to session_set_cookie_params, I believe that the only reason
why lifetime is required in that function is because calling it without
parameters doesn't have a purpose.
With an array of options (which keeps the first parameter mandatory), there
is no strong reason to make one of them required. An empty array or an
array without any valid key would still error.
If this is acceptable for that function, all the other functions can have
all the options in the array as that keeps the array consistent across them.

With this being said, would anyone oppose an implementation where all the
options (including lifetime) are included in the array parameter?

About the implementation, the array of options is never really defined in
the RFC. If we assume that it is identical to the proposed output
of session_get_cookie_params, the name of the first key should be lifetime.
However, for setcookie and setrawcookie, the documented parameter name is
expire. Would there be any issue if we would assume lifetime for the 4
functions?

Regards,
Pedro

--000000000000aad0e405714c5ab8--