Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102942
Return-Path: <mail@pmmaga.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 23120 invoked from network); 21 Jul 2018 21:49:51 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Jul 2018 21:49:51 -0000
Authentication-Results: pb1.pair.com header.from=mail@pmmaga.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=mail@pmmaga.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain pmmaga.net designates 149.210.149.69 as permitted sender)
X-PHP-List-Original-Sender: mail@pmmaga.net
X-Host-Fingerprint: 149.210.149.69 outbound0.mail.transip.nl  
Received: from [149.210.149.69] ([149.210.149.69:54968] helo=outbound0.mail.transip.nl)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3D/78-47674-A7AA35B5 for <internals@lists.php.net>; Sat, 21 Jul 2018 17:49:48 -0400
Received: from submission5.mail.transip.nl (submission5.mail.transip.nl [149.210.149.125])
	by outbound0.mail.transip.nl (Postfix) with ESMTP id 41Y1cl2DyBzynbG
	for <internals@lists.php.net>; Sat, 21 Jul 2018 23:49:43 +0200 (CEST)
Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46])
	by submission5.mail.transip.nl (Postfix) with ESMTPA id 41Y1cj1VRmz7t9K
	for <internals@lists.php.net>; Sat, 21 Jul 2018 23:49:38 +0200 (CEST)
Received: by mail-wr1-f46.google.com with SMTP id t6-v6so14308992wrn.7
        for <internals@lists.php.net>; Sat, 21 Jul 2018 14:49:38 -0700 (PDT)
X-Gm-Message-State: AOUpUlHRknX84mOtp5eMm5J+6+beDagOIZTkSZWbwr2xXjli60RBX98g
	p9LT2ZGehfRQkNTZwMDWOnC+oZst9vBgLZFK9TE=
X-Google-Smtp-Source: AAOMgpe6CSwpxL8Q410RKVetHqHde2y8vY5e+63XOF24KoJZTVmiaz7s6juVJKJy7yFbFbPs89bwIUCnscEXb9k1EJg=
X-Received: by 2002:a5d:438d:: with SMTP id i13-v6mr4908197wrq.156.1532209776138;
 Sat, 21 Jul 2018 14:49:36 -0700 (PDT)
MIME-Version: 1.0
References: <a4189866-23ea-4dc5-12a4-a7fbad8e5601@genkgo.nl>
 <1abd260d-ebc4-a062-3381-72485946e8bc@gmail.com> <a55b37e3-268c-f8ab-6545-6cf7a4f537f0@genkgo.nl>
 <CAJd4=Ya67XaX3bwwQn20GUQqEvEVe8XEepRz9+of6h4t4fC_fg@mail.gmail.com> <279bc20a-6bbb-7114-fb7e-293b543a5fdb@gmx.de>
In-Reply-To: <279bc20a-6bbb-7114-fb7e-293b543a5fdb@gmx.de>
Date: Sat, 21 Jul 2018 22:49:26 +0100
X-Gmail-Original-Message-ID: <CAJd4=YaeyVwBT-FOMR1ZKn1Bd3hiAs05r0oQSn-eDY2MT3O6+w@mail.gmail.com>
Message-ID: <CAJd4=YaeyVwBT-FOMR1ZKn1Bd3hiAs05r0oQSn-eDY2MT3O6+w@mail.gmail.com>
To: "Christoph M. Becker" <cmbecker69@gmx.de>
Cc: f.bosch@genkgo.nl, Stanislav Malyshev <smalyshev@gmail.com>, 
	PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000006da1090571896332"
X-Scanned-By: ClueGetter at submission5.mail.transip.nl
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 s=transip-a; d=pmmaga.net; t=1532209781; h=from:reply-to:subject:to:
 cc:references:in-reply-to:date:mime-version:content-type;
 bh=iNp6HmRuHgLkuEnyaqLUjzBIecBe3T1THIw+EUASAkc=;
 b=ZSUgMvMr7AgPaqUjc2CvmSA4WnA8SdEEMdORGbiwdqYjbDn1MvWShAaUQIQ52pKFmSdrGa
 +1ML7D5U7t4w8ILOWiHA/Ut+a+2ToOzCkZoeuZ0Ifi5WlpZDEBxQEMBB1pRLe4hD6KUrfZ
 NdunBFXvpcDIozU5b2LUXcIwMHzWhOchDws/2CL1SW+rUUf+E3zeuCcSRb6H286tLxEpZN
 YagAduoSfXAatUYQKYXAVrBcVvSP6LMZoQv/A+qCWRm+jUvp8a+JB+4r61Dmhu9rsT5Q1j
 GgENpMc1oq/6ciBG7txF/vl761enx7pJKfFCvRFms43tpf9/OTqYkNg5j/KPUQ==
X-Report-Abuse-To: abuse@transip.nl
Subject: Re: [PHP-DEV] [VOTE] Same Site Cookie RFC
From: mail@pmmaga.net (=?UTF-8?Q?Pedro_Magalh=C3=A3es?=)

--0000000000006da1090571896332
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sat, Jul 21, 2018 at 12:11 PM Christoph M. Becker <cmbecker69@gmx.de>
wrote:

> Personally, I'd even prefer this, but that's not what was voted upon, so
> I'm not sure if it's okay.  Anyhow, the implementation is available as
> <https://github.com/php/php-src/pull/3398>.  Thanks, Pedro!
>

I personally believe that the intent of the vote is to have this feature
and to have it included as an alternative array of parameters. I don't mean
to step on anyone's toes with the proposed implementation, but given that
the RFC doesn't define the array of options I think most people didn't
notice this design choice and/or ultimately just wanted this feature
accepted.


> > About the implementation, the array of options is never really defined =
in
> > the RFC. If we assume that it is identical to the proposed output
> > of session_get_cookie_params, the name of the first key should be
> lifetime.
> > However, for setcookie and setrawcookie, the documented parameter name =
is
> > expire. Would there be any issue if we would assume lifetime for the 4
> > functions?
>
> I'd prefer =E2=80=9Cexpire_s_=E2=80=9D, but I'm okay with =E2=80=9Clifeti=
me=E2=80=9D.
>

Although I had suggested using the same key for all functions, when I
started the implementation I realized they have different meanings. For
session_get_cookie_params, lifetime is a relative amount of seconds, but
for setcookie and setrawcookie expire is an absolute timestamp. So I kept
that distinction.
About your suggestion, I looked again, and in fact, the only place where
the parameter is called expire is in the docs. Internally (ie. Reflection)
it is called expires. Given this and the fact that it is what actually is
used in the cookie header, I've changed the key to "expires".

Regards,
Pedro

--0000000000006da1090571896332--