Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:102964 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 15621 invoked from network); 24 Jul 2018 18:05:46 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Jul 2018 18:05:46 -0000 Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.221.41 as permitted sender) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.221.41 mail-wr1-f41.google.com Received: from [209.85.221.41] ([209.85.221.41:34241] helo=mail-wr1-f41.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 38/0B-12660-87A675B5 for ; Tue, 24 Jul 2018 14:05:45 -0400 Received: by mail-wr1-f41.google.com with SMTP id c13-v6so5039157wrt.1 for ; Tue, 24 Jul 2018 11:05:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=9UUdGUI+mXYJkDmhg4LJArOsJLXbKj/Ubbug/okYUYc=; b=D4I+n81jLpdltTSMhI2os0o8cAX34jwYo15DD2MmhdDODBKyAq96MmJKgvhBoYsy0J Ovj8asxRf0yqyH2XldOmEaSm96lah00fY8oqsHdX5XG0Uvj+Kbql6JuYEEKEFXTNKS0a P+NfC2bpfPRzkSR5BpIjoqDff1NQ2eO92P4pE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=9UUdGUI+mXYJkDmhg4LJArOsJLXbKj/Ubbug/okYUYc=; b=o8Amu2rJv28r3tGh/GClSOjzn/IGD+zYDrpOc2/SRnrVT4/zMk2CkWVZLeifhEaGRM L75/+UonvyiCWjx2egfA+i+0wLCOkL4otHo5T4LI8+zrABDUt0F/bDJxh52kccxRwqPK BLlFgr49w3iKNYjmBIZVIWrCuvAAOj6tBd9iIdPsDYCS+sUejr5c38KpDScf3egX8CnH I0GIO0MZ8xTT3f+o0Je3Q4eTpnG3EeV+054lRkA6wJ9x4E2eYReOS3EsyaazkdPI219i hUW5M1BGDiFN8xkAssFZfdH3YkO2DWAW4JmqLi5ugQ40435PbFIBPV0BooX7DelXAEDZ P+Ww== X-Gm-Message-State: AOUpUlGqhduHoIFUKCWbJ/OW5TOHZBvEoljMeyn44Gk3FdZJJJtAoj+c EbzDYK9g8w5q8AVb6Yxa6oA/glnNncV5UNJxeynxew== X-Google-Smtp-Source: AAOMgpeL2ASGSnxjYmyCBmzLZvslgr02yPUcJJWJYnt+NRTMCtuXel8E61R62sGTlFz9HZamYdRocpD8dtt+fYYgLuc= X-Received: by 2002:adf:b726:: with SMTP id l38-v6mr12694326wre.115.1532455541499; Tue, 24 Jul 2018 11:05:41 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:adf:add2:0:0:0:0:0 with HTTP; Tue, 24 Jul 2018 11:05:40 -0700 (PDT) In-Reply-To: References: <1abd260d-ebc4-a062-3381-72485946e8bc@gmail.com> Date: Tue, 24 Jul 2018 21:05:40 +0300 Message-ID: To: =?UTF-8?Q?Pedro_Magalh=C3=A3es?= Cc: "Frederik Bosch | Genkgo" , Stanislav Malyshev , PHP internals Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] [VOTE] Same Site Cookie RFC From: narf@devilix.net (Andrey Andreev) Hi, On Tue, Jul 24, 2018 at 7:37 PM, Pedro Magalh=C3=A3es wro= te: > On Sun, Jul 22, 2018 at 6:54 PM Andrey Andreev wrote: >> >> Last, but certainly not least, we talk about $expires here only becase >> that's how it's (currently) named in either documentation and/or >> reflection. But for all intents and purposes it may as well be named >> $fooBar and it wouldn't matter as long as it is a concrete parameter, >> whereas an associative array key name is very important. Now I'd have >> to remember if it actually is "lifetime", "expire" or "expires" ... or >> is it "max-age"? Not only that, but if it is either "expires" or >> "max-age", I would rightfully have reasons to believe that the >> expected input should be match the actual Set-Cookie attribute instead >> of a PHP-specific value. >> That's very unintuitive and I believe we have a general consensus on >> this list that array parameters are somewhat evil. You have to >> remember that the only reason we're doing this here is to avoid >> parameter creep with potential for infinity, and nothing else. > > > Hi Andrey, > > Well, "expires" is what ends up in the cookie header itself so I think th= at > it's simple to remember. But I do understand your arguments on semantic > purity and the fact that Max-Age is derived from it but I still believe t= hat > in this case, it's not worth the distinction. If there ever comes a new > attribute that won't be used verbatim, what would we do? Leave it between > $expires and the options array and break all existing code? Leave it to t= he > end of the signature to avoid the BC break but then we are left with > something really awkward? > Look, I get it - you have your preferences and don't want to give up on them. But now you're just speculating and aside from basically saying "not a big deal", you haven't really addressed my arguments. > Given that we understand each other but we just disagree on what is more > important, I'd really like to hear someone else's opinion. If we are to g= et > something into 7.3 (which I believe we should due to > https://github.com/php/php-src/pull/2613#issuecomment-401266510) and with > the feature freeze in one week, we should reach an agreement on what to d= o > very soon. > Fair enough. I too would like to see more people involved in the discussion= . Although ... if the RFC is considered to be accepted (which I am still not 100% sure if it should be, but that seems to be the case), then technically we already have a decision made by vote. Again, I'm not particularly happy with how it was handled, but we do have it. Cheers, Andrey.