Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96528 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 93864 invoked from network); 20 Oct 2016 20:54:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Oct 2016 20:54:56 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:47427] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 99/6B-24564-D1F29085 for ; Thu, 20 Oct 2016 16:54:56 -0400 Received: (qmail 106289 invoked by uid 89); 20 Oct 2016 20:54:48 -0000 Received: from unknown (HELO mail-qk0-f178.google.com) (yohgaki@ohgaki.net@209.85.220.178) by 0 with ESMTPA; 20 Oct 2016 20:54:48 -0000 Received: by mail-qk0-f178.google.com with SMTP id n189so118684497qke.0 for ; Thu, 20 Oct 2016 13:54:48 -0700 (PDT) X-Gm-Message-State: ABUngve4nPmkVY56uSQU3eHLwtralJSoDghJvarzGQWDp8tuJn9hnLC/cPVr3BYEZ8e4v7YeCKAlZ3Z/1iDOuw== X-Received: by 10.55.177.5 with SMTP id a5mr2298889qkf.153.1476996882385; Thu, 20 Oct 2016 13:54:42 -0700 (PDT) MIME-Version: 1.0 Received: by 10.140.22.38 with HTTP; Thu, 20 Oct 2016 13:54:01 -0700 (PDT) In-Reply-To: <5411747E-8AD8-441D-AFBA-0B80A7F550A1@koalephant.com> References: <1eab7492-596c-ffd2-81ed-0eb9256a033e@gmail.com> <0B722A15-A29F-498B-987F-F6BA5AA49EEF@bobs-bits.com> <59D6B40B-DC64-43A3-AED4-CD5C9C15B6BA@koalephant.com> <72B2986D-3C05-4929-9BDD-1A911FC9E793@koalephant.com> <5411747E-8AD8-441D-AFBA-0B80A7F550A1@koalephant.com> Date: Fri, 21 Oct 2016 05:54:01 +0900 X-Gmail-Original-Message-ID: Message-ID: To: Stephen Reay Cc: Niklas Keller , Stanislav Malyshev , "internals@lists.php.net" , Davey Shafik , Xinchen Hui Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] header() removes all header of the same name. From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi Stephen, On Thu, Oct 20, 2016 at 9:41 PM, Stephen Reay wr= ote: >> I don't want to get bug report that session lost or some important >> cookie lost somehow. > > Why is your concern so focussed on solving problems for inexperienced dev= elopers, who are effectively using functions incorrectly, at the expense of= experienced developers who are doing the right thing? > This response effectively encourages bad behaviour (did the reporter even= check the docs for header() to see why it=E2=80=99s replacing the session = cookie? The root cause of misuse is header() and setcookie() difference even if both manipulate HTTP header. - header() - Removes HTTP headers previously defined by default. - setcookie() - Appends 'Set-Cookie' HTTP header by default. Unlike header(), no remove feature at all. API design is inappropriate, IMHO. I would like to help users by providing reasonable/expectable APIs. Current header() and setcookie() behavior is reasonable for a individual feature, but mixing them seems not nice. There are 3 people not in favor of 'Set-Cookie' protections in header() Having consistent standard confirming function name means more to me, I may remove 'Set-Cookie' header vote option, if nobody really cares it, since I would like to have smooth RFC process. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net