Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102951
Return-Path: <me@kelunik.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 61745 invoked from network); 22 Jul 2018 13:47:28 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 Jul 2018 13:47:28 -0000
Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.216 cause and error)
X-PHP-List-Original-Sender: me@kelunik.com
X-Host-Fingerprint: 81.169.146.216 mo4-p00-ob.smtp.rzone.de  
Received: from [81.169.146.216] ([81.169.146.216:16199] helo=mo4-p00-ob.smtp.rzone.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 35/DC-47674-CEA845B5 for <internals@lists.php.net>; Sun, 22 Jul 2018 09:47:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1532267241;
	s=strato-dkim-0002; d=kelunik.com;
	h=Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References:
	X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender;
	bh=Bv/MQJjqN3FRq/96jurq7ofGv0NnCkkeTlj1KVZOtGE=;
	b=BfHNvv7WR9RQFuw0mM1hV5swJe3z2EPy4g30Mer+Pd+ajVYrXUsLn1TQyaUkVB0qeY
	qLW2IVKPznBO3BQlOQcAZ3WMHsDAJD1wSYDYqMxG4CIanyPmNlLU0Bz75UMnRlJdg9JL
	gtfSrFbYkIMTroK1RTaCihSJJINK7utB4kMI4sDxLARjKVAAUjYWShXHT9rqbREa+gzf
	fb5sSozvzrIwzcBlkwt3BNsouE/zgsJWt2GPjpsG+UJo3Yw0IlVCQnSbg6xUQgMXNdqK
	WdsKj/xvJYWvCllMqJmy/g3IfQ3eyWRcm9a/zuEYlQPkM12h2TPXT39ST8H1lS1qSt04
	2e5w==
X-RZG-AUTH: ":IWkkfkWkbvHsXQGmRYmUo9mlsGbEv0XHBzMIJSS+jKTzde5mDb8AaBUcZi8tcA=="
X-RZG-CLASS-ID: mo00
Received: by mail-yb0-f181.google.com with SMTP id x10-v6so6305145ybl.10
        for <internals@lists.php.net>; Sun, 22 Jul 2018 06:47:21 -0700 (PDT)
X-Gm-Message-State: AOUpUlGKNg5kwBXIQSkITY1UHn7MgC/SELtXCunxOHgVBHsrmbtf12By
	YtNEN2U1/GBGLXQxT5FepwFJQm27cw0znHrz7Uw=
X-Google-Smtp-Source: AAOMgpchp3+OopBwSzdKiYuXliTVrYBvBDw+Eiu2TpI0Kkyby5xfXCMe2fJKt+BO3ZCLMf/GNOLWigaoxmweYUR7ULY=
X-Received: by 2002:a25:7c06:: with SMTP id x6-v6mr4915921ybc.271.1532267240934;
 Sun, 22 Jul 2018 06:47:20 -0700 (PDT)
MIME-Version: 1.0
References: <a4189866-23ea-4dc5-12a4-a7fbad8e5601@genkgo.nl>
 <1abd260d-ebc4-a062-3381-72485946e8bc@gmail.com> <a55b37e3-268c-f8ab-6545-6cf7a4f537f0@genkgo.nl>
 <CAJd4=Ya67XaX3bwwQn20GUQqEvEVe8XEepRz9+of6h4t4fC_fg@mail.gmail.com>
 <CAPhkiZzSfwMd7TthF7jcWwY+JTnFyamyevnWDZZhGGF_qpEpKA@mail.gmail.com>
 <CAJd4=YZfMgJ7pLwUx_0GqdV+KMCGqYZFhQEDV_2KTMOKiRi6dA@mail.gmail.com> <CAPhkiZyHTy8m8N9f531GTMcNNhWO7Rj0U9vtMXzg3FhGyJQ0Vg@mail.gmail.com>
In-Reply-To: <CAPhkiZyHTy8m8N9f531GTMcNNhWO7Rj0U9vtMXzg3FhGyJQ0Vg@mail.gmail.com>
Date: Sun, 22 Jul 2018 15:47:09 +0200
X-Gmail-Original-Message-ID: <CANUQDCjam10D2SANrXQBCau8wAKQyD2gXZO7Q2fiKYQHDOhUzQ@mail.gmail.com>
Message-ID: <CANUQDCjam10D2SANrXQBCau8wAKQyD2gXZO7Q2fiKYQHDOhUzQ@mail.gmail.com>
To: Andrey Andreev <narf@devilix.net>
Cc: =?UTF-8?Q?Pedro_Magalh=C3=A3es?= <mail@pmmaga.net>, 
	Frederik Bosch <f.bosch@genkgo.nl>, Stanislav Malyshev <smalyshev@gmail.com>, 
	PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] [VOTE] Same Site Cookie RFC
From: me@kelunik.com (Niklas Keller)

Am So., 22. Juli 2018 um 14:16 Uhr schrieb Andrey Andreev <narf@devilix.net=
>:
>
> Hi,
>
> On Sun, Jul 22, 2018 at 2:21 AM, Pedro Magalh=C3=A3es <mail@pmmaga.net> w=
rote:
> > On Sat, Jul 21, 2018 at 11:26 PM Andrey Andreev <narf@devilix.net> wrot=
e:
> >>
> >> Yes.
> >>
> >> All other "options" are actual *cookie attribute* names, as defined by
> >> the various IETF RFCs, while "lifetime" is just a convenient name used
> >> by PHP. It doesn't correspond to a particular attribute, but instead
> >> the values for the Expires and Max-Age attributes are derived from it.
> >> I believe during discussion I insisted that the parameter be called
> >> "attributes", for this very reason.
> >
> >
> > Hi,
> >
> > While I do understand your reasoning, I find it extremely unfriendly to=
 the
> > user of the function to ask for one parameter separate from all the oth=
ers
> > for that reason alone.
> > Also, keep in mind that all this function does is set the `session.cook=
ie_*`
> > ini entries. So all parameters are treated equally.
> >
>
> Ok, I can see how it can be inconvenient for
> session_set_cookie_params(), though calling it "extremely" unfriendly
> is some exaggeration IMO. But while I didn't quote that part of your
> message, you did also suggest to apply the same decision to other
> functions and so I am talking about all of them.
>
> I'd be ok with this for session_set_cookie_params() alone, but not for
> set[raw]cookie().
>
> >>
> >> On another note, I also wanted that pretty much any key/value pair to
> >> be accepted instead of raising an error, for forward compatibility.
> >
> >
> > I really believe that the user spotting errors like `['expries' =3D> ti=
me() +
> > 3600]` faster is more valuable than FC.
> >
>
> Honestly, the fact that you chose "expires" for this particular
> example IMO only makes a stronger case for why it needs to be
> separated. :)

It'd be great to use an OO approach instead of "magic" array keys,
e.g. like this:
https://github.com/amphp/http/blob/9c0ba2f2ebfae482b3ad7a0475eb3d1f74d87949=
/src/Cookie/CookieAttributes.php

Regards, Niklas