Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:99884
Return-Path: <f.bosch@genkgo.nl>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 86010 invoked from network); 17 Jul 2017 21:11:54 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Jul 2017 21:11:54 -0000
Authentication-Results: pb1.pair.com smtp.mail=f.bosch@genkgo.nl; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=f.bosch@genkgo.nl; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain genkgo.nl designates 46.21.156.38 as permitted sender)
X-PHP-List-Original-Sender: f.bosch@genkgo.nl
X-Host-Fingerprint: 46.21.156.38 mail.genkgo.net  
Received: from [46.21.156.38] ([46.21.156.38:60047] helo=mail.genkgo.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 5E/C1-02884-8182D695 for <internals@lists.php.net>; Mon, 17 Jul 2017 17:11:53 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=genkgo.nl;
	 s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Message-ID:
	To:Subject:From:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date
	:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
	References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:
	List-Owner:List-Archive; bh=70S/CNYDt8Qm8XjntoMp3iAyULt4MZfzBpupAShUtMg=; b=J
	10/jzGoW3W/S56HG9v+99zT24LE/A5Gexq1pQSpH6J+xUiq5pRCeoDakAiqV0qZSRLX2axbQBCu55
	wpenHoybaQsitvSoEt6P509q/jmbW+Tw5ZcrcsIBMlzLUGPjmjUbWxsRf01rBlHck1t9mwWsMQpGM
	XTv60bf8EgD/qSrxb9FRDd4PcVHorYoolQA6nPGLjnRgdnciznHZ6cWzAbyqmLDcWp0I+ZHZMa473
	pfochmFvdiTBqoAxyPAItHotkWBWOQ1lYIHg6t+9S9YB4kS/CFbG2hcLFtBOLvRjPIj0hOBz0qnte
	SbGwX7vjxEgCRjEkZbJqi5IR1EPZLN35w==;
Received: from [188.213.225.106] (helo=[192.168.15.254])
	by mail.genkgo.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
	(Exim 4.87)
	(envelope-from <f.bosch@genkgo.nl>)
	id 1dXDIz-0002Yq-G4
	for internals@lists.php.net; Mon, 17 Jul 2017 23:11:49 +0200
To: internals@lists.php.net
Message-ID: <14052ebf-efea-cb43-39e0-bdc30e493ff3@genkgo.nl>
Date: Mon, 17 Jul 2017 23:11:49 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: nl-NL
Content-Transfer-Encoding: 7bit
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
Subject: [RFC] samesite cookie implementation
From: f.bosch@genkgo.nl (Frederik Bosch | Genkgo)

LS,

Today I finished writing the RFC for implementing same site cookies in 
PHP, https://wiki.php.net/rfc/same-site-cookie. I am happy to receive 
your remarks on the proposal, and improve when necessary.

For those (only) interested in code, have a look at PR # 2613: 
https://github.com/php/php-src/pull/2613.

For the record, I am just a messenger in this regard. Someone uploaded a 
patch for this feature in bug #72230: 
https://bugs.php.net/bug.php?id=72230. I just took the opportunity to 
create a PR and the corresponding RFC. Credits for the code go to 
xistence at 0x90 dot nl.

Hopefully, the samesite cookie flag will become a feature of the PHP 
language through this RFC!

Kind regards,
Frederik Bosch