Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:102963 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 11538 invoked from network); 24 Jul 2018 16:37:38 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Jul 2018 16:37:38 -0000 Authentication-Results: pb1.pair.com header.from=mail@pmmaga.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=mail@pmmaga.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain pmmaga.net designates 149.210.149.72 as permitted sender) X-PHP-List-Original-Sender: mail@pmmaga.net X-Host-Fingerprint: 149.210.149.72 outbound1.mail.transip.nl Received: from [149.210.149.72] ([149.210.149.72:37316] helo=outbound1.mail.transip.nl) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 01/9A-12660-EC5575B5 for ; Tue, 24 Jul 2018 12:37:37 -0400 Received: from submission6.mail.transip.nl (submission6.mail.transip.nl [149.210.149.10]) by outbound1.mail.transip.nl (Postfix) with ESMTP id 41ZkY81SbXzT53N for ; Tue, 24 Jul 2018 18:37:32 +0200 (CEST) Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) by submission6.mail.transip.nl (Postfix) with ESMTPA id 41ZkY33JRfz12MGR for ; Tue, 24 Jul 2018 18:37:26 +0200 (CEST) Received: by mail-wr1-f44.google.com with SMTP id c13-v6so4804745wrt.1 for ; Tue, 24 Jul 2018 09:37:26 -0700 (PDT) X-Gm-Message-State: AOUpUlEUYzMJEclhsc3Fq0UYzkuYs2/WVyLiqFRRT+BsmoILBJQ8mknC 5e/+b3OYiU8Dg9jGppGl0t2wg7GJ0roVZ2PDJwc= X-Google-Smtp-Source: AAOMgpeBmDXjwa+OWykmnjxbjZOOOvPfUgiua5m7nCuS5+6s2cThBJzshInKHZPROFuHQEoszdTTo6wa+pbzJvFC4uc= X-Received: by 2002:adf:f9c9:: with SMTP id w9-v6mr12133842wrr.105.1532450246566; Tue, 24 Jul 2018 09:37:26 -0700 (PDT) MIME-Version: 1.0 References: <1abd260d-ebc4-a062-3381-72485946e8bc@gmail.com> In-Reply-To: Date: Tue, 24 Jul 2018 17:37:15 +0100 X-Gmail-Original-Message-ID: Message-ID: To: Andrey Andreev Cc: f.bosch@genkgo.nl, Stanislav Malyshev , PHP internals Content-Type: multipart/alternative; boundary="0000000000009529780571c160b5" X-Scanned-By: ClueGetter at submission6.mail.transip.nl DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=transip-a; d=pmmaga.net; t=1532450249; h=from:reply-to:subject:to: cc:references:in-reply-to:date:mime-version:content-type; bh=4XPSXr/S2FE6bwDjxQJWQoHTwaZ3X/1drHWGhTZBb1I=; b=eT+dfAfxYkiEg7NsZlolP9Ws0F2nJog5uvrVU3s/CG/6xX6GPneTuBRvfBf4Xw9tx1z6+3 AJLMFUqRoSiPDFf3GV5K6olAlySSvmT092oUq/s6fuX8IRwUNfMVc2T3q66lEAqgBmMv3Y KU+eXkVmJtAR8/F8A07VFCPilXpYwcyMFCUIBsRMnK+R8+x4qZryIwxWfAj1w9WZuN5En6 JyJv3ZhOAdZD+RIe7UwgIz0ACQxQDfyBz8/cSdxqSk8ubmUu1Ze+yo5D4Bkflsb+sU48x/ bI+RH6ksazD3KucZPiQIJ7yGg75qk216tB/yvj5CZlwssqLzgjdq7eZgndN7NQ== X-Report-Abuse-To: abuse@transip.nl Subject: Re: [PHP-DEV] [VOTE] Same Site Cookie RFC From: mail@pmmaga.net (=?UTF-8?Q?Pedro_Magalh=C3=A3es?=) --0000000000009529780571c160b5 Content-Type: text/plain; charset="UTF-8" On Sun, Jul 22, 2018 at 6:54 PM Andrey Andreev wrote: > Last, but certainly not least, we talk about $expires here only becase > that's how it's (currently) named in either documentation and/or > reflection. But for all intents and purposes it may as well be named > $fooBar and it wouldn't matter as long as it is a concrete parameter, > whereas an associative array key name is very important. Now I'd have > to remember if it actually is "lifetime", "expire" or "expires" ... or > is it "max-age"? Not only that, but if it is either "expires" or > "max-age", I would rightfully have reasons to believe that the > expected input should be match the actual Set-Cookie attribute instead > of a PHP-specific value. > That's very unintuitive and I believe we have a general consensus on > this list that array parameters are somewhat evil. You have to > remember that the only reason we're doing this here is to avoid > parameter creep with potential for infinity, and nothing else. > Hi Andrey, Well, "expires" is what ends up in the cookie header itself so I think that it's simple to remember. But I do understand your arguments on semantic purity and the fact that Max-Age is derived from it but I still believe that in this case, it's not worth the distinction. If there ever comes a new attribute that won't be used verbatim, what would we do? Leave it between $expires and the options array and break all existing code? Leave it to the end of the signature to avoid the BC break but then we are left with something really awkward? Given that we understand each other but we just disagree on what is more important, I'd really like to hear someone else's opinion. If we are to get something into 7.3 (which I believe we should due to https://github.com/php/php-src/pull/2613#issuecomment-401266510) and with the feature freeze in one week, we should reach an agreement on what to do very soon. Regards, Pedro --0000000000009529780571c160b5--