Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:122028
Return-Path: <dossche.niels@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 4040 invoked from network); 24 Dec 2023 11:46:44 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 24 Dec 2023 11:46:44 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id C8970180031
	for <internals@lists.php.net>; Sun, 24 Dec 2023 03:47:07 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <dossche.niels@gmail.com>
Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sun, 24 Dec 2023 03:47:06 -0800 (PST)
Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-40d4a7f0c4dso18449795e9.1
        for <internals@lists.php.net>; Sun, 24 Dec 2023 03:46:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1703418401; x=1704023201; darn=lists.php.net;
        h=content-transfer-encoding:subject:from:to:content-language
         :user-agent:mime-version:date:message-id:from:to:cc:subject:date
         :message-id:reply-to;
        bh=K6pBWzy7ZDJfT0tCcuf9uOHWuw2l9hqcqXozzwmd4XQ=;
        b=GNfrDTQV3pe18NZ3+r+hfrRHAaBc+h6JtnQupe0RK+dL2Lr0BS+mFyYaGGd60gcstz
         6K9BiUMZmAPNvEsmY8mMl495HJ+DeXNhWIPmAWBLzYfsWem9HFNqT/6KNVzITgjroDhi
         4IWWe7GNiBn14YKPxIuNPs+nJVxJb1StA5yMaptL1tEGxtclH4mcml8KJIx1u/cZGwQt
         gUj7RIyMdzqpoo06PnaZ/ZdKZCOJPr5gD7Cnp2us48PG+R7urSj5pfGN1iHuSmP3P9BA
         qaPCTCzgUHUQiHXzZetz8MSBY4+MapBAhOa/06YpE3M0CCCC74SGmzLY1wncjMh+lZEc
         CS8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703418401; x=1704023201;
        h=content-transfer-encoding:subject:from:to:content-language
         :user-agent:mime-version:date:message-id:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=K6pBWzy7ZDJfT0tCcuf9uOHWuw2l9hqcqXozzwmd4XQ=;
        b=MA6C2Q8x1dO1bS3RnYp9mgk3SXl1n7OhK3tnywkK9IvrevvjqEGySLoKo0UdGt+EX/
         bEKa737vBC4KchB84hrcjH710z8Y2jsczvWmpeUozxBGjuB7soCCwbXFxhmhAOWhcS1W
         qiMayoLR62gU/5S79jRG2PZWaPDOJ+rqD7WN06QJDu5fQrIa5uF40n4CI9p8pMj9NlAa
         xCbljB4WTW0RmaC5NhgbiH4cJWW8zgv3H1cFzu/eG7HAFQ4Iey72FcaO2aG5XGA7EQvo
         q4QjQxCroR5gU8Mhx6XY7EQhWkqvCtx6aJAdMVzc3CBoNojS1d9/d9f4rmZkLuqyBT+1
         7Syw==
X-Gm-Message-State: AOJu0YxJsP5TLAkb6nbSwpkKSxQQjvR7k+FceAEo5g2Eh4Iesj7CIlm5
	5oPXnNmKkuG6yjo8EuZ2YR31iuMfUeg=
X-Google-Smtp-Source: AGHT+IH5ihwf51Z9J0PES04fW3/YNC2d5RRHgMWIEzzVPnGI3LSSsYn75h8oYYL5c7EPNYxfiTfjUg==
X-Received: by 2002:a05:600c:4e8f:b0:40d:38df:57f3 with SMTP id f15-20020a05600c4e8f00b0040d38df57f3mr2224856wmq.92.1703418400961;
        Sun, 24 Dec 2023 03:46:40 -0800 (PST)
Received: from ?IPV6:2a02:1811:cc83:ee30:8e76:2662:766d:ebaa? (ptr-dtfv04vjm7u23t23d7u.18120a2.ip6.access.telenet.be. [2a02:1811:cc83:ee30:8e76:2662:766d:ebaa])
        by smtp.gmail.com with ESMTPSA id n35-20020a05600c3ba300b004064e3b94afsm21846464wms.4.2023.12.24.03.46.40
        for <internals@lists.php.net>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Sun, 24 Dec 2023 03:46:40 -0800 (PST)
Message-ID: <76dc625a-0e45-4377-bfff-2aba5244acae@gmail.com>
Date: Sun, 24 Dec 2023 12:46:40 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Partitioned cookies
From: dossche.niels@gmail.com (Niels Dossche)

Hi internals

I opened a PR [1] to implement Partitioned cookie support, as requested on the bugtracker [2], into the setcookie() PHP function. This is done by adding an option to the $options array, not via an additional argument to the function. The amount of code to support this is tiny.

This cookie option is being pushed by browser vendors (primarily by Google it seems) to eliminate third-party cookies [3, 4]. One of the impacts here is that cookies marked with "SameSite=None; Secured" without "Partitioned" will stop working eventually during 2024.

Although the Partitioned cookie proposal is still a draft, Chrome will apply the change starting in January 2024 for a tiny percentage of users (as a form of A/B testing it seems). Symfony has already implemented support for this option as well [5].
The SameSite option was also added in PHP when it was still in a draft.

Let me know what you think and if you are okay / objecting to merging this PR.

Kind regards
Niels

[1] https://github.com/php/php-src/pull/12652
[2] https://github.com/php/php-src/issues/12646
[3] https://developers.google.com/privacy-sandbox/3pcd
[4] https://developer.mozilla.org/en-US/docs/Web/Privacy/Partitioned_cookies
[5] https://github.com/symfony/symfony/pull/52002