Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:122030
Return-Path: <derick@php.net>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 14945 invoked from network); 24 Dec 2023 16:04:08 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 24 Dec 2023 16:04:08 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 78320180056
	for <internals@lists.php.net>; Sun, 24 Dec 2023 08:04:32 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DMARC_MISSING,
	SPF_HELO_PASS,SPF_NEUTRAL autolearn=no autolearn_force=no version=4.0.0
X-Spam-Virus: No
X-Envelope-From: <derick@php.net>
Received: from xdebug.org (xdebug.org [82.113.146.227])
	by php-smtp4.php.net (Postfix) with ESMTP
	for <internals@lists.php.net>; Sun, 24 Dec 2023 08:04:31 -0800 (PST)
Received: from [127.0.0.1] (88-159-147-192.fixed.kpn.net [88.159.147.192])
	by xdebug.org (Postfix) with ESMTPSA id CADDF10C24D;
	Sun, 24 Dec 2023 16:04:06 +0000 (GMT)
Date: Sun, 24 Dec 2023 17:04:07 +0100
To: internals@lists.php.net, Niels Dossche <dossche.niels@gmail.com>,
 PHP internals <internals@lists.php.net>
User-Agent: K-9 Mail for Android
In-Reply-To: <76dc625a-0e45-4377-bfff-2aba5244acae@gmail.com>
References: <76dc625a-0e45-4377-bfff-2aba5244acae@gmail.com>
Message-ID: <50E720CC-29B0-46E6-8581-C5A549DEDA44@php.net>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] Partitioned cookies
From: derick@php.net (Derick Rethans)

On 24 December 2023 12:46:40 CET, Niels Dossche <dossche=2Eniels@gmail=2Eco=
m> wrote:
>Hi internals
>
>I opened a PR [1] to implement Partitioned cookie support, as requested o=
n the bugtracker [2], into the setcookie() PHP function=2E This is done by =
adding an option to the $options array, not via an additional argument to t=
he function=2E The amount of code to support this is tiny=2E
>
>This cookie option is being pushed by browser vendors (primarily by Googl=
e it seems) to eliminate third-party cookies [3, 4]=2E One of the impacts h=
ere is that cookies marked with "SameSite=3DNone; Secured" without "Partiti=
oned" will stop working eventually during 2024=2E
>
>Although the Partitioned cookie proposal is still a draft, Chrome will ap=
ply the change starting in January 2024 for a tiny percentage of users (as =
a form of A/B testing it seems)=2E Symfony has already implemented support =
for this option as well [5]=2E
>The SameSite option was also added in PHP when it was still in a draft=2E
>
>Let me know what you think and if you are okay / objecting to merging thi=
s PR=2E


I've two concerns (none with the PR, as I haven't checked):

- Compatibility: https://developer=2Emozilla=2Eorg/en-US/docs/Web/Privacy/=
Partitioned_cookies#browser_compatibility
- What happens if it just stays a draft, or doesn't get accepted, or with =
a different name?

And also, would/should the PHP function enforce that this should only be s=
et if for example Secure is set too? And if so, with a warning or TypeError=
?

cheers
Derick