Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102949
Return-Path: <narf@devilix.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 57069 invoked from network); 22 Jul 2018 12:16:39 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 Jul 2018 12:16:39 -0000
Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain devilix.net designates 74.125.82.41 as permitted sender)
X-PHP-List-Original-Sender: narf@devilix.net
X-Host-Fingerprint: 74.125.82.41 mail-wm0-f41.google.com  
Received: from [74.125.82.41] ([74.125.82.41:50420] helo=mail-wm0-f41.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id FC/1C-47674-6A5745B5 for <internals@lists.php.net>; Sun, 22 Jul 2018 08:16:38 -0400
Received: by mail-wm0-f41.google.com with SMTP id v25-v6so13375112wmc.0
        for <internals@lists.php.net>; Sun, 22 Jul 2018 05:16:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=devilix.net; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=c2d1o4L5BZTpX2hltX8BC9gbAqGY6eVMEbsvo36JPYo=;
        b=f455YT3C3RLRyV0KJsJGlFa8xYMq9z/jD4Wnsh0rSWk74AGaHtay0vcXqkFPEG1Doj
         /W183VNFs1Q/zjDIRaR8M6Aqam/EWy7wn2GuYiP0NOE+Kec4ZeO+jU6xoT1+8taNdAnr
         8pp8/iLQ2iZ9WdLONs/cFzOMGg1obZ0cU00Fc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=c2d1o4L5BZTpX2hltX8BC9gbAqGY6eVMEbsvo36JPYo=;
        b=WMk/s/1ol1IpCEuyeN0YmhY5RN6bJHqKMbexxRaJlRM39hEiSsBfTxI+OKCXZBn2Vf
         mRMXK+6HYS9UewlH7PQrv/yq8VdnjbdJYp78WoKhfmI/m9zFjnnYyR5sJmssX+SCXxze
         L82ArPSGLtFEpjpte46jVnOpP5UvmtGx2B5g5Iql2Zj/HmHAjzZnDMWH0QheSeUwhDkf
         Xi0r+kCuC/dwi3yJDRNTnu4gRRr93HTM6NnQ30fFU+Q8Nd0SN9y2EE8LGh7GxydPz7cN
         0A/qfYSEADJ6IoxvPm3FpdqHp9mNp8lLn7pRxv5snJ71CVPkGWcTCxLIwYkU6dZ9Udj+
         /36g==
X-Gm-Message-State: AOUpUlFNrUrE2iDBtmd3K92Z14efdPWroRxKWbn54Qzd+IGq+5NXqxZl
	EsisI90AyYlHh4aJR+MKhyBgpjrO9ZTLSVriRWL0qw==
X-Google-Smtp-Source: AAOMgpci2UGbjOU9P9HZuKHfWZaYfK1k98VHo5lunPwL0uRz9d/hT2eFlqGgwXYLBgcdr5uDjbi62qbBxcPvU8Q+T14=
X-Received: by 2002:a1c:68f:: with SMTP id 137-v6mr2609048wmg.82.1532261795713;
 Sun, 22 Jul 2018 05:16:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:adf:add2:0:0:0:0:0 with HTTP; Sun, 22 Jul 2018 05:16:35
 -0700 (PDT)
In-Reply-To: <CAJd4=YZfMgJ7pLwUx_0GqdV+KMCGqYZFhQEDV_2KTMOKiRi6dA@mail.gmail.com>
References: <a4189866-23ea-4dc5-12a4-a7fbad8e5601@genkgo.nl>
 <1abd260d-ebc4-a062-3381-72485946e8bc@gmail.com> <a55b37e3-268c-f8ab-6545-6cf7a4f537f0@genkgo.nl>
 <CAJd4=Ya67XaX3bwwQn20GUQqEvEVe8XEepRz9+of6h4t4fC_fg@mail.gmail.com>
 <CAPhkiZzSfwMd7TthF7jcWwY+JTnFyamyevnWDZZhGGF_qpEpKA@mail.gmail.com> <CAJd4=YZfMgJ7pLwUx_0GqdV+KMCGqYZFhQEDV_2KTMOKiRi6dA@mail.gmail.com>
Date: Sun, 22 Jul 2018 15:16:35 +0300
Message-ID: <CAPhkiZyHTy8m8N9f531GTMcNNhWO7Rj0U9vtMXzg3FhGyJQ0Vg@mail.gmail.com>
To: =?UTF-8?Q?Pedro_Magalh=C3=A3es?= <mail@pmmaga.net>
Cc: "Frederik Bosch | Genkgo" <f.bosch@genkgo.nl>, Stanislav Malyshev <smalyshev@gmail.com>, 
	PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] [VOTE] Same Site Cookie RFC
From: narf@devilix.net (Andrey Andreev)

Hi,

On Sun, Jul 22, 2018 at 2:21 AM, Pedro Magalh=C3=A3es <mail@pmmaga.net> wro=
te:
> On Sat, Jul 21, 2018 at 11:26 PM Andrey Andreev <narf@devilix.net> wrote:
>>
>> Yes.
>>
>> All other "options" are actual *cookie attribute* names, as defined by
>> the various IETF RFCs, while "lifetime" is just a convenient name used
>> by PHP. It doesn't correspond to a particular attribute, but instead
>> the values for the Expires and Max-Age attributes are derived from it.
>> I believe during discussion I insisted that the parameter be called
>> "attributes", for this very reason.
>
>
> Hi,
>
> While I do understand your reasoning, I find it extremely unfriendly to t=
he
> user of the function to ask for one parameter separate from all the other=
s
> for that reason alone.
> Also, keep in mind that all this function does is set the `session.cookie=
_*`
> ini entries. So all parameters are treated equally.
>

Ok, I can see how it can be inconvenient for
session_set_cookie_params(), though calling it "extremely" unfriendly
is some exaggeration IMO. But while I didn't quote that part of your
message, you did also suggest to apply the same decision to other
functions and so I am talking about all of them.

I'd be ok with this for session_set_cookie_params() alone, but not for
set[raw]cookie().

>>
>> On another note, I also wanted that pretty much any key/value pair to
>> be accepted instead of raising an error, for forward compatibility.
>
>
> I really believe that the user spotting errors like `['expries' =3D> time=
() +
> 3600]` faster is more valuable than FC.
>

Honestly, the fact that you chose "expires" for this particular
example IMO only makes a stronger case for why it needs to be
separated. :)

Cheers,
Andrey.