Newsgroups: php.internals
Date: Fri, 21 Oct 2016 15:32:11 +0900
To: Stephen Reay
Cc: Niklas Keller, Stanislav Malyshev, "internals@lists.php.net", Davey Shafik, Xinchen Hui
Subject: Re: [PHP-DEV] header() removes all header of the same name.
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Stephen,

On Fri, Oct 21, 2016 at 1:38 PM, Stephen Reay wrote:
> Is it normal to alter (or support multiple) function signatures like this, when you want to improve the name *and* improve the signature? Wouldn’t you just leave setcookie() as-is, introduce the new cookie_* functions, and then deprecate set cookie later? (ala mysql => mysqli)

I'm lazy enough not to add a new function entry point because the patch is to show what it will look like.
Making aliases makes life a little easier for both user and developer.
I don't think we will deprecate (I mean deprecate and remove in the future) old functions. They will be there to avoid needless incompatibility.

>
> As for the specifics - I kind of like.. Niklas (I think?) suggestion where the flags array accepts either key => value pairs, or non-keyed flag values. Any non-string key is ignored and the value used as a ‘flag’ (e.g. HttpOnly, Secure). Any non-string value would be casted to string.
>
> This would obviously require slightly different usage by developers - the user would need to send a date/time (either a string or object that will cast to a string in the right format) instead of a timestamp for expires. If you want to special-case it, you could type-check for an instance of \DateTimeInterface and run ->format(\DateTime::COOKIE) instead of just casting to string, but I don’t think I’d consider that to be essential really. If the user can generate a UNIX timestamp, they should be able to format it to RFC1123 themselves too, no?

I have an idea to enable HttpOnly by default.
Most applications will be safer by this change without any problems, but some applications may need to disable HttpOnly. So it's better to stick with key => value pairs in case we change the default.

I cannot think of a date generation use case. Is there a good use case?

>
> While you’re looking at this. DateTime::COOKIE (and DATE_COOKIE) seem to be using RFC850 format, but with a 4-digit year. Besides being a bit of a mis-match of formats, RFC850 is considered “obsolete” now, and perhaps should be replaced by RFC1123 (basically, no dashes, short day name).

Good idea. It's not been updated since the 90's, I guess.
The same topic pops up on occasion.

https://tools.ietf.org/html/rfc6265#section-5.1.1
Do we have this algorithm somewhere already?

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
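
The ideas discussed in this message, put together as an added example (not code from the patch under discussion or from PHP itself): a hypothetical `build_set_cookie()` helper that takes key => value options, turns HttpOnly on unless it is explicitly disabled, and formats Expires in the RFC 1123 layout. The function name, the option keys, the URL-encoding of the value and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a PHP core function): builds a Set-Cookie header
// value from key => value options, with HttpOnly on unless explicitly disabled.
function build_set_cookie(string $name, string $value, array $options = []): string
{
    // Reject separators and control characters so the name cannot split the header.
    if ($name === '' || preg_match('/[=,; \t\r\n\x00-\x1f\x7f]/', $name)) {
        throw new InvalidArgumentException('invalid cookie name');
    }
    // Normalise key case, then apply the assumed default (HttpOnly enabled).
    $options = array_change_key_case($options, CASE_LOWER) + ['httponly' => true];
    $parts = [$name . '=' . rawurlencode($value)]; // value is URL-encoded (assumption)
    foreach ($options as $key => $opt) {
        if (!is_string($key)) {
            throw new InvalidArgumentException('options must be key => value pairs');
        }
        switch ($key) {
            case 'expires':
                // Accept a UNIX timestamp or a DateTimeInterface; emit RFC 1123 in GMT.
                $ts = $opt instanceof DateTimeInterface ? $opt->getTimestamp() : (int) $opt;
                $parts[] = 'Expires=' . gmdate('D, d M Y H:i:s \G\M\T', $ts);
                break;
            case 'path':
            case 'domain':
                if (preg_match('/[;\r\n\x00-\x1f\x7f]/', (string) $opt)) {
                    throw new InvalidArgumentException("invalid $key attribute");
                }
                $parts[] = ucfirst($key) . '=' . $opt;
                break;
            case 'secure':
            case 'httponly':
                if ($opt) { $parts[] = $key === 'secure' ? 'Secure' : 'HttpOnly'; }
                break;
            default:
                throw new InvalidArgumentException("unknown option: $key");
        }
    }
    return implode('; ', $parts);
}

// Constructed sample values; 1477031531 is 2016-10-21 06:32:11 UTC.
echo build_set_cookie('sid', 'abc 123', ['expires' => 1477031531, 'path' => '/', 'secure' => true]), "\n";
echo build_set_cookie('theme', 'dark', ['httponly' => false]), "\n";
// The same instant in the DATE_COOKIE layout (RFC 850 style with a 4-digit year):
echo gmdate('l, d-M-Y H:i:s T', 1477031531), "\n";
```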