Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:96504
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 30797 invoked from network); 20 Oct 2016 08:11:42 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 20 Oct 2016 08:11:42 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:45855] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 6E/F0-24564-C3C78085 for <internals@lists.php.net>; Thu, 20 Oct 2016 04:11:42 -0400
Received: (qmail 116090 invoked by uid 89); 20 Oct 2016 08:11:37 -0000
Received: from unknown (HELO mail-qk0-f174.google.com) (yohgaki@ohgaki.net@209.85.220.174)
  by 0 with ESMTPA; 20 Oct 2016 08:11:37 -0000
Received: by mail-qk0-f174.google.com with SMTP id z190so78503315qkc.2
        for <internals@lists.php.net>; Thu, 20 Oct 2016 01:11:37 -0700 (PDT)
X-Gm-Message-State: AA6/9RlFZKxjvK+ZBR77eLIw1evPgGi4CtrI2S3RBCFx2R1klNng8pO+EBtEN+Buy2UqDkCiJVTsoShuBfG/wg==
X-Received: by 10.55.151.70 with SMTP id z67mr11333844qkd.185.1476951091224;
 Thu, 20 Oct 2016 01:11:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.22.38 with HTTP; Thu, 20 Oct 2016 01:10:50 -0700 (PDT)
In-Reply-To: <0B722A15-A29F-498B-987F-F6BA5AA49EEF@bobs-bits.com>
References: <CAGa2bXb0CKP6=eZZk2atR5XGtR8JmQ3FG756wn0J7kkPGYFyZg@mail.gmail.com>
 <1eab7492-596c-ffd2-81ed-0eb9256a033e@gmail.com> <CAGa2bXY5u_VgJnoOq06dGj4uS2uVDwCC4qm358tJHEq+gfHVuw@mail.gmail.com>
 <0B722A15-A29F-498B-987F-F6BA5AA49EEF@bobs-bits.com>
Date: Thu, 20 Oct 2016 17:10:50 +0900
X-Gmail-Original-Message-ID: <CAGa2bXZq6uydypJNGw3n7wJ3VRCS0o3c2L_FABYJZ-B1x4naGg@mail.gmail.com>
Message-ID: <CAGa2bXZq6uydypJNGw3n7wJ3VRCS0o3c2L_FABYJZ-B1x4naGg@mail.gmail.com>
To: Stephen Reay <stephen@bobs-bits.com>
Cc: Stanislav Malyshev <smalyshev@gmail.com>, 
	"internals@lists.php.net" <internals@lists.php.net>, Davey Shafik <davey@php.net>, Xinchen Hui <laruence@php.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] header() removes all header of the same name.
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Stephen,

On Thu, Oct 20, 2016 at 4:48 PM, Stephen Reay <stephen@bobs-bits.com> wrote=
:
>
> Just to make my earlier point of view crystal clear: As a purely userland=
 party and someone maintaining a PHP framework, I don=E2=80=99t think it=E2=
=80=99s acceptable to limit which headers header()/header_remove() can oper=
ate on, particularly when the problem you=E2=80=99re trying to =E2=80=98sol=
ve=E2=80=99 is simply incorrect use of the functions available. It *is* pos=
sible to achieve any outcome desired with *correct* use of the header, sess=
ion and cookie functions (and assuming the $replace argument to header() wo=
rks correctly).
>
> I still believe the way to solve this issue is with better information ab=
out usage, not by removing existing functionality.
>
> So, please do *not* consider this to be an acceptable solution.

The idea is to separate HTTP header handling functions.

 - header*() for any HTTP headers except 'Set-Cookie'
 - cookie*() for only 'Set-Cookie' header

Developer does not lose anything.

As you mention, custom 'Set-Cookie' header is for advanced users.
Those people wouldn't have problems with new API.

With this new API, we'll have standard confirming function names for
cookie functions as a bonus, too. (I'm enthusiastic to clean up and
have consistent function names as you might know.)

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net