Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:78554
Return-Path: <rowan.collins@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 16200 invoked from network); 1 Nov 2014 21:47:52 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 1 Nov 2014 21:47:52 -0000
Authentication-Results: pb1.pair.com smtp.mail=rowan.collins@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rowan.collins@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.53 as permitted sender)
X-PHP-List-Original-Sender: rowan.collins@gmail.com
X-Host-Fingerprint: 74.125.82.53 mail-wg0-f53.google.com  
Received: from [74.125.82.53] ([74.125.82.53:65042] helo=mail-wg0-f53.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 94/60-13276-80555545 for <internals@lists.php.net>; Sat, 01 Nov 2014 16:47:52 -0500
Received: by mail-wg0-f53.google.com with SMTP id b13so8716434wgh.12
        for <internals@lists.php.net>; Sat, 01 Nov 2014 14:47:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        bh=GYq/0ywGkEf07do4fzPDf4LeY6plY4S+l9SmvGA9+QM=;
        b=iooxwwFKmag2T0NZRC5K+fKmhuul51b/WhRDahcbf/0PMZ7NJZ2Q04ee+icqKOCD9e
         CDH2CAqRNB2W3Ng94K4h1nYuE0z7KraAm3VP0v4Irau1ZXPkx5j4AB0iNseoxXUTpFXu
         aq55QuwjbOkJ1VLYpjqmLXXLIg7YR0c6YDCTjXH7AQ+TNb7v3ePjYVckB+VZfkAF/E8k
         51WuMEW/esnweH/XGkjMw10y/dtktM6NoSzQBpPTNGavNbDKohHbKRjN4fYjTFfDpoT0
         UsMHu3ctebcVR679BPQVh30HaOMwZ4+5BdNqAE7L9r1ATP6ZrVJtqLzLidCUBCHsG/kZ
         k4ZQ==
X-Received: by 10.180.8.34 with SMTP id o2mr5883835wia.23.1414878468572;
        Sat, 01 Nov 2014 14:47:48 -0700 (PDT)
Received: from [192.168.0.2] (cpc68956-brig15-2-0-cust215.3-3.cable.virginm.net. [82.6.24.216])
        by mx.google.com with ESMTPSA id l4sm13149597wjx.14.2014.11.01.14.47.47
        for <internals@lists.php.net>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 01 Nov 2014 14:47:47 -0700 (PDT)
Message-ID: <545554F7.70906@gmail.com>
Date: Sat, 01 Nov 2014 21:47:35 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: internals@lists.php.net
References: <CABRjmp_2DzhrGGoknZvSZ6fM=okjz+Od+2t0TVrNarc2fRLWiA@mail.gmail.com> <CAHMUw2HVmJD9syo8Rbc1=bA5S3U9umS0_XHFzwzWsY9Ee7UneQ@mail.gmail.com> <CAL+t6cEfbd7KbB=EbhdqgLKG6tBURgj+Ls9Y62tjOHL1Y+r-SA@mail.gmail.com> <CAH-PCH7tDQCtmAbPNOF4ONkeSQz5wr89XJ81a0USmzCqKi=26g@mail.gmail.com> <CAGAGxbYuimpj+phbNXn_3e_17vpGEkes7Pn5jCh9j27uZoOT8Q@mail.gmail.com> <CABRjmp8rdVmCPCA5xdfgUirCKg=kF3NHXYK0xmPgOxS+4sKc9w@mail.gmail.com> <m33i7l$17q$1@ger.gmane.org>
In-Reply-To: <m33i7l$17q$1@ger.gmane.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] setcookie() minor BC break - fixes issue #67736
From: rowan.collins@gmail.com (Rowan Collins)

On 01/11/2014 21:10, Alexander Kurilo wrote:
>> What should be done? Trying to keep BC at a minimum by adding an
>> unsetcookie() method and add warnings? Try to detect the deletion of
>> cookies (empty value) and add warnings to keep even more BC?
> Just in case: I believe cookies are removed not by setting an empty 
> value to them, but by setting their expiration date to a timestamp the 
> past. 

My first thought on seeing unsetcookie() as a name was that it will lead 
to a lot of confusion as to what it actually does; if you didn't know 
about this discussion, would you expect it to:

a) remove a Set-Cookie header which has been added to the current 
response (the actual behaviour required to avoid the behaviour that 
SHOULD NOT be done according to the RFC), leaving any cookie the remote 
UA has stored untouched?
b) add a Set-Cookie header to the response to expire an existing cookie 
the remote UA might have stored (a useful feature, but unrelated to this 
bug)?
c) replace any existing Set-Cookie header with that cookie name with one 
which instead expires that cookie (i.e. both a and b at the same time)?

What seems to actually be wanted is more like replace_cookie() - "I 
asked you to set this cookie earlier this page load, but actually set 
this one instead". Or, equivalently, some change to setcookie()'s 
parameter list to allow this behaviour, as others have suggested.

There is already a lot of confusion around the difference between the 
cookies in $_COOKIE and those set with setcookie() (i.e. that your new 
cookie won't show up in the superglobal until next request). The idea of 
removing something from the list of cookies which are queued to be set 
by this response is not something that's easy to explain clearly in that 
context, so I think the naming and documentation of any such feature 
needs to be approached very carefully.

Regards,

-- 
Rowan Collins
[IMSoP]