Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:64453
Return-Path: <theanomaly.is@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 87730 invoked from network); 28 Dec 2012 03:00:42 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 28 Dec 2012 03:00:42 -0000
Authentication-Results: pb1.pair.com smtp.mail=theanomaly.is@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=theanomaly.is@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.180 as permitted sender)
X-PHP-List-Original-Sender: theanomaly.is@gmail.com
X-Host-Fingerprint: 74.125.82.180 mail-we0-f180.google.com  
Received: from [74.125.82.180] ([74.125.82.180:40561] helo=mail-we0-f180.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 70/62-59750-95B0DD05 for <internals@lists.php.net>; Thu, 27 Dec 2012 22:00:42 -0500
Received: by mail-we0-f180.google.com with SMTP id t57so4613079wey.25
        for <internals@lists.php.net>; Thu, 27 Dec 2012 19:00:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=tnLoPe/VEfA5o6LohVouMfG8dz1HsoL50R9e4g2lkMw=;
        b=eztEEBDR9AM6NFh4E0LH46fGEw6bM1NMc7Ljzl52Ysca60L5iLElsBAlzr9stOfaAJ
         sYVLysFP/Rba+4uxUQ2Uzs0qglu0hAALfH4YN2DQrTI3Q3AjWnEDFfInM7vA7msAmUax
         j0AApRy7L5KayrBoC/P04oS6FGPm0WXi4oBxOEfmPWqpuUztCzUEtw/qpzMiMbkS9MuO
         2oaQAnHdQxgL48epXSmqWNJNGqTYKfP54G7hU6JYz+f8GqaRKaJep/QiAMH6Xu+XBtye
         5QFp7+ZNb0SZX6I+3Y2TpiNusKRw/oS96tE3TtXiuTD6X9Z9/kVu2jYckF0E3FZ+oK6t
         yH+w==
MIME-Version: 1.0
Received: by 10.180.73.80 with SMTP id j16mr49831384wiv.5.1356663639465; Thu,
 27 Dec 2012 19:00:39 -0800 (PST)
Received: by 10.227.43.19 with HTTP; Thu, 27 Dec 2012 19:00:39 -0800 (PST)
In-Reply-To: <20121228045131.3g44jjlw8cc4sgk4@mail.orbitel.bg>
References: <20121210142818.9erzxulg08cwwck8@mail.orbitel.bg>
	<CAMUwpuSOW1=tht0j5VR3cS5_Meny4jorj-Dg5DaRR4F52YjAag@mail.gmail.com>
	<20121228042651.edrb8sz5cs4sgwwc@mail.orbitel.bg>
	<CAL+t6cF21RkJMk_ZRYjfu-Z37o7M=YfGRkR2LXu5YLQkog1Nsw@mail.gmail.com>
	<20121228045131.3g44jjlw8cc4sgk4@mail.orbitel.bg>
Date: Thu, 27 Dec 2012 22:00:39 -0500
Message-ID: <CAL+t6cGg9PF0Z=MHA_7eMh_oXfkjNkFzCBEHEs_9M3+he+LYkg@mail.gmail.com>
To: Andrey Andreev <narf@bofh.bg>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=f46d043bdf384f5f7704d1e0de1e
Subject: Re: [PHP-DEV] Bug #23955: Cookie Max-Age attribute
From: theanomaly.is@gmail.com (Sherif Ramadan)

--f46d043bdf384f5f7704d1e0de1e
Content-Type: text/plain; charset=ISO-8859-1

On Thu, Dec 27, 2012 at 9:51 PM, Andrey Andreev <narf@bofh.bg> wrote:

> Quoting Sherif Ramadan <theanomaly.is@gmail.com>:
>
>  There's no mention in the RFC of how the functionality will work in PHP.
>> Is
>> it possible to add example code of how it is to be used based on this
>> implementation?
>>
>
> "Max-Age" would simply be added to all Set-Cookie headers, after the
> "Expires" attribute. I thought that was obvious, but I'll make sure to add
> a few examples to make it clearer.


Well, even if it were obvious the RFC should be a technical specification
of what's being introduced. Things should be stated and explained there as
clearly as possible. At least so much so that people shouldn't have to
guess about what is going to actually happen when they run certain code.

For example, how are session cookies affected? What determines the actual
delta? I would assume it's the determined by the Unix timestamp supplied to
setcookie? Should setting this attribute in the response headers be
included automatically for session cookies? I would think it would, but I'm
not certain since it's not mentioned.

Other than some brief examples of usage and perhaps including those small
details I think it's pretty clear and I like the idea :)

Thanks for taking the time on that.


>
>
>  What BC breaks it introduced (if any)? Can there be an
>> option to use both Max-Age and Expires cookie attributes with the
>> introduced changes? How does the user know which attribute is being set?
>> None of this information seems to be in the RFC.
>>
>
> This is all (briefly) described under the "Technical details and
> considerations" section - both attributes should be sent and no side
> effects and/or breaking changes are expected.
>
> As for how a user would know it - just like with the current cookies being
> sent (either via setcookie() or by ext/session), by looking at their
> Set-Cookie HTTP headers.
>
>

--f46d043bdf384f5f7704d1e0de1e--