Newsgroups: php.internals
Date: Thu, 20 Oct 2016 11:01:52 +0200
From: me@kelunik.com (Niklas Keller)
To: Yasuo Ohgaki
Cc: Stephen Reay, Stanislav Malyshev, "internals@lists.php.net", Davey Shafik, Xinchen Hui
Subject: Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 10:28 GMT+02:00 Yasuo Ohgaki :

> Hi Stephen,
>
> On Thu, Oct 20, 2016 at 5:23 PM, Stephen Reay wrote:
> > Please understand: *no* "solution" where header() loses the ability to
> > write any arbitrary header will be acceptable in my opinion.
>
> Thank you for feedback.
> I'll include vote option for prohibiting 'Set-Cookie' for header*()
>
> Regards,
>
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net

Hi Yasuo,

same here, it's not acceptable to limit header and restrict `set_cookie`. Just think about all those frameworks that would have to special-case setting headers now and have to use the cookie API then.

If you want to protect the session cookie header, why not simply set it right before the first output? That'd make it also non-overridable, but leaves header() intact. But I guess it's harder to implement.