Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102952
Return-Path: <mail@pmmaga.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 66425 invoked from network); 22 Jul 2018 15:48:16 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 Jul 2018 15:48:16 -0000
Authentication-Results: pb1.pair.com smtp.mail=mail@pmmaga.net; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=mail@pmmaga.net; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain pmmaga.net designates 149.210.149.72 as permitted sender)
X-PHP-List-Original-Sender: mail@pmmaga.net
X-Host-Fingerprint: 149.210.149.72 outbound1.mail.transip.nl  
Received: from [149.210.149.72] ([149.210.149.72:37906] helo=outbound1.mail.transip.nl)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B8/6D-47674-C37A45B5 for <internals@lists.php.net>; Sun, 22 Jul 2018 11:48:15 -0400
Received: from submission5.mail.transip.nl (submission5.mail.transip.nl [149.210.149.125])
	by outbound1.mail.transip.nl (Postfix) with ESMTP id 41YTY46bFbzT4wK
	for <internals@lists.php.net>; Sun, 22 Jul 2018 17:48:08 +0200 (CEST)
Received: from mail-wm0-f51.google.com (mail-wm0-f51.google.com [74.125.82.51])
	by submission5.mail.transip.nl (Postfix) with ESMTPA id 41YTY304Ymz7t9V
	for <internals@lists.php.net>; Sun, 22 Jul 2018 17:48:06 +0200 (CEST)
Received: by mail-wm0-f51.google.com with SMTP id t25-v6so4767443wmi.3
        for <internals@lists.php.net>; Sun, 22 Jul 2018 08:48:06 -0700 (PDT)
X-Gm-Message-State: AOUpUlE8owW+OFcY62YplpJ4Mw1z6QEdvMyjYFXCaLDdtov8Qdz0HNzs
	rFXZ98DHSSnTt+b2Y20NMa/OnRu9c+2ZEb687pQ=
X-Google-Smtp-Source: AAOMgpcofd4ruIwTkvKSYwOuaX0I5OSX3F92rQsxaUr+h9ebZFXzrGk7JzzqTlF+lFATxfNtaprfmfOYWwfQ3D9QplY=
X-Received: by 2002:a1c:6444:: with SMTP id y65-v6mr5189999wmb.98.1532274480660;
 Sun, 22 Jul 2018 08:48:00 -0700 (PDT)
MIME-Version: 1.0
References: <a4189866-23ea-4dc5-12a4-a7fbad8e5601@genkgo.nl>
 <1abd260d-ebc4-a062-3381-72485946e8bc@gmail.com> <a55b37e3-268c-f8ab-6545-6cf7a4f537f0@genkgo.nl>
 <CAJd4=Ya67XaX3bwwQn20GUQqEvEVe8XEepRz9+of6h4t4fC_fg@mail.gmail.com>
 <CAPhkiZzSfwMd7TthF7jcWwY+JTnFyamyevnWDZZhGGF_qpEpKA@mail.gmail.com>
 <CAJd4=YZfMgJ7pLwUx_0GqdV+KMCGqYZFhQEDV_2KTMOKiRi6dA@mail.gmail.com> <CAPhkiZyHTy8m8N9f531GTMcNNhWO7Rj0U9vtMXzg3FhGyJQ0Vg@mail.gmail.com>
In-Reply-To: <CAPhkiZyHTy8m8N9f531GTMcNNhWO7Rj0U9vtMXzg3FhGyJQ0Vg@mail.gmail.com>
Date: Sun, 22 Jul 2018 16:47:52 +0100
X-Gmail-Original-Message-ID: <CAJd4=Yb-Njie8_f+83BtDcu=smxOGL3_5pGtCyu91z81oMja9Q@mail.gmail.com>
Message-ID: <CAJd4=Yb-Njie8_f+83BtDcu=smxOGL3_5pGtCyu91z81oMja9Q@mail.gmail.com>
To: Andrey Andreev <narf@devilix.net>
Cc: f.bosch@genkgo.nl, Stanislav Malyshev <smalyshev@gmail.com>, 
	PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000001e45ea05719874ba"
X-Scanned-By: ClueGetter at submission5.mail.transip.nl
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 s=transip-a; d=pmmaga.net; t=1532274487; h=from:reply-to:subject:to:
 cc:references:in-reply-to:date:mime-version:content-type;
 bh=iEvzhBqu6Tfk1TW/iaaV1YHSrAIW8evyMkiEY2ufqqE=;
 b=UAaTg5YYSlOsoQh+HlLDHJlAxYsuts6jRFJF4LjaaIvcQ+RC2w7KY2685VPEJRRnf5xL5v
 oLkkVMVgeKr36doqVMMxP9xRN2EfFd/m+rLYZzW7R0ubuoJHhKZtt2LKDAAfpoRTMif4zt
 oMN8Qk/7JoSc0BW5E6TkrXFQwZYbDINm18ant0hyOe96wwGFWGFH3KwwgcQfGieyQCPELq
 IQol1Jdzks0wpGW19fU1T8mKknV7Qqq3tVSRhPryztpftIAmOTOsy3FlriJ2Vh3EtGwYvK
 XEYJ9dAoD1o1IUniHXfP/AmqqlR5xULnMwdHQNss5s5Rhlrf0PrKw7pLX1h2uA==
X-Report-Abuse-To: abuse@transip.nl
Subject: Re: [PHP-DEV] [VOTE] Same Site Cookie RFC
From: mail@pmmaga.net (=?UTF-8?Q?Pedro_Magalh=C3=A3es?=)

--0000000000001e45ea05719874ba
Content-Type: text/plain; charset="UTF-8"

On Sun, Jul 22, 2018 at 1:16 PM Andrey Andreev <narf@devilix.net> wrote:

> Ok, I can see how it can be inconvenient for
> session_set_cookie_params(), though calling it "extremely" unfriendly
> is some exaggeration IMO.


Hi,

Right, I may have been a bit overly dramatic. :)


> But while I didn't quote that part of your
> message, you did also suggest to apply the same decision to other
> functions and so I am talking about all of them.
>
> I'd be ok with this for session_set_cookie_params() alone, but not for
> set[raw]cookie().
>

I thought your comment was about  session_set_cookie_params only because
your reasoning about lifetime (as a relative amount of time) being a PHP
construct only makes sense there.
So I'm not sure why for set[raw]cookie the expires attribute would be
treated different from the others? Max-Age is derived from it, but the
value you pass to expires will be directly used in the cookie attribute
(although in a different datetime format). Some other attributes are also
not used verbatim. For instance, 'secure' being true or false also means
the `secure;` attribute being present or omitted.
Thinking again from the perspective of the user, I would find it annoying
to have the expires attribute separate from the others.

Regards,
Pedro

--0000000000001e45ea05719874ba--