Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:99889 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 23382 invoked from network); 18 Jul 2017 10:29:53 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Jul 2017 10:29:53 -0000 Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.218.53 as permitted sender) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.218.53 mail-oi0-f53.google.com Received: from [209.85.218.53] ([209.85.218.53:35220] helo=mail-oi0-f53.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C3/A4-02884-023ED695 for ; Tue, 18 Jul 2017 06:29:52 -0400 Received: by mail-oi0-f53.google.com with SMTP id 191so13371007oii.2 for ; Tue, 18 Jul 2017 03:29:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=t22UZH0uFcS6Nfr8saAfI5bCtVK2/DMQDewqlRiQArM=; b=KaK46gcOPwYn445aC5LL8GMW8HasXnzESSYzo8cEaAHWNAGFBq03HAulkswWcFlPNq W766cTIBdZqW+kr4daB8tBIZJfTj3DhrMi6sE/1ux7jWLpWMmR9faNVyYztMtK4lv1f1 4lWatS9W790Ckc+0L3ZTTf5IrQnbSuyJ4r36o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=t22UZH0uFcS6Nfr8saAfI5bCtVK2/DMQDewqlRiQArM=; b=m1h0ZXk6bwVTCI0J3Y2QFql3PwGyZ8a052T44EicTw/HWeUYbnJjzd6fAf8euSnH/n q4rL8S4OQ1dkINGHEC1cHvrxNFZzb4ABvbBo/0gAL22DsxnU7rwIdHZkxU0ze4lD6DyY iJtL8BG7Xs7MB9haNsOtauTW9kffelXV347ys25xO3W6gfnuKjmEGMtI9hgyvdXSB+tf ugc7sRek1idn/EJJi+S25G5uDxFWNckvLDr+f1y0YPesuPTjTybiFkEtnWF7zeoqd95o VePuxg32Y8v26ZmaVwUC6xPR9m4b+584BL2D9pybGV1yGMhDlZz5Zc13fy9wQ1xiDpxy B0bA== X-Gm-Message-State: AIVw111jAZ9+QN/whwuQRwC9tDZlFfIUyPnX5VkOOhhaNAueWu2o9Zgm 7mzYkUx+Tm7xPWZQZfr4LPbvKc44SxJw X-Received: by 10.202.61.66 with SMTP id k63mr445320oia.189.1500373788695; Tue, 18 Jul 2017 03:29:48 -0700 (PDT) MIME-Version: 1.0 Received: by 10.182.181.103 with HTTP; Tue, 18 Jul 2017 03:29:48 -0700 (PDT) In-Reply-To: <64.32.02884.7983D695@pb1.pair.com> References: <64.32.02884.7983D695@pb1.pair.com> Date: Tue, 18 Jul 2017 13:29:48 +0300 Message-ID: To: Andreas Treichel Cc: "internals@lists.php.net" Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] http_cookie_set and http_cookie_remove From: narf@devilix.net (Andrey Andreev) Hi Andreas, On Tue, Jul 18, 2017 at 1:22 AM, Andreas Treichel wrote: > Hi, > > i want some feedback, about the following idea before i write a rfc. > > Problem: > The functions setcookie and setrawcookie has many parameters. Most of them > are optional and extensions (e.g. same-site) make it even more messy. > > The functions setcookie and setrawcookie has 8 parameters. > > ... > > With the changes from https://wiki.php.net/rfc/same-site-cookie the > functions setcookie and setrawcookie even has 9 parameters. > > ... > > How to change this? > Add two new functions http_cookie_set and http_cookie_remove. > I think you are right on the money with this in general, but there's 3 things I would change: > bool http_cookie_set(string $name, string $value [, array $options]) > > $options are equal to the optional parameters of setcookie and setrawcookie. > $options may contain: > > expires: int > path: string > domain: string > secure: bool > httponly: bool > 1. The wording here implies that these are the *only* attributes allowed. In the interest of forward-compatibility, I'd allow arbitrary attributes as well. > encode is an additional option to remove the requirement of a raw and non > raw function. > > encode: int > HTTP_COOKIE_ENCODE_NONE (same as setrawcookie) > HTTP_COOKIE_ENCODE_RFC1738 (same as setcookie) > HTTP_COOKIE_ENCODE_RFC3986 > 2. I don't think this is necessary, nor that it belongs in the $options array. Anybody who'd use it, would have to read RFC1738 and/or RFC3986 to know what they do. And as the constant names aren't particularly short either, it is easier for me to just apply an encoding function directly to $value before passing it. Also, RFC 6265 (section 4.1.1) only mentions Base64 as a suggestion for encoding (and that's a SHOULD). Link: https://tools.ietf.org/html/rfc6265#section-4.1.1 > > bool http_cookie_remove(string $name) > > Why http_cookie_remove? > I do not find it self explanatory that setcookie('foo', "") or > setcookie('foo', NULL) delete a cookie. > 3. http_cookie_remove() is an extra feature that you're bundling, but has nothing to do with solving the original issue. It MAY be something that people would want, but it also may not be, and that makes it a contentions part of your would-be RFC. There's certainly the possibility that some would vote against your proposal entirely because of this ... just leave that for a future RFC if this one passes. --- That being said, again - I love the idea and would even like to work with you on the RFC if you need any help. Cheers, Andrey.