Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:99885 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 89532 invoked from network); 17 Jul 2017 22:22:19 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 17 Jul 2017 22:22:19 -0000 X-Host-Fingerprint: 62.180.109.77 unknown Received: from [62.180.109.77] ([62.180.109.77:11659] helo=localhost.localdomain) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 64/32-02884-7983D695 for ; Mon, 17 Jul 2017 18:22:16 -0400 Message-ID: <64.32.02884.7983D695@pb1.pair.com> To: internals@lists.php.net X-Mozilla-News-Host: news://news.php.net:119 Date: Tue, 18 Jul 2017 00:22:12 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Posted-By: 62.180.109.77 Subject: http_cookie_set and http_cookie_remove From: gmblar@gmail.com (Andreas Treichel) Hi, i want some feedback, about the following idea before i write a rfc. Problem: The functions setcookie and setrawcookie has many parameters. Most of them are optional and extensions (e.g. same-site) make it even more messy. The functions setcookie and setrawcookie has 8 parameters. bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false ]]]]]] ) bool setrawcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] ) With the changes from https://wiki.php.net/rfc/same-site-cookie the functions setcookie and setrawcookie even has 9 parameters. bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false [, string $samesite = "" ]]]]]]] ) bool setrawcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false [, string $samesite = "" ] ]]]]]] ) How to change this? Add two new functions http_cookie_set and http_cookie_remove. bool http_cookie_set(string $name, string $value [, array $options]) $options are equal to the optional parameters of setcookie and setrawcookie. $options may contain: expires: int path: string domain: string secure: bool httponly: bool encode is an additional option to remove the requirement of a raw and non raw function. encode: int HTTP_COOKIE_ENCODE_NONE (same as setrawcookie) HTTP_COOKIE_ENCODE_RFC1738 (same as setcookie) HTTP_COOKIE_ENCODE_RFC3986 Example: Set cookie with httponly and skip all other options. http_cookie_add('foo', 'bar', [ 'httponly' => true ]); This is identical to, but much less readable: setcookie('foo', 'bar', 0, '', '', false, true); Full example with all options: http_cookie_set('foo', 'bar', [ 'expires' => time() + 3600, 'path' => '/', 'domain => 'www.example.com', 'secure' => true, 'httponly' => true, 'encode' => HTTP_COOKIE_ENCODE_RFC1738 ]); bool http_cookie_remove(string $name) Why http_cookie_remove? I do not find it self explanatory that setcookie('foo', "") or setcookie('foo', NULL) delete a cookie.