Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:99905 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 62814 invoked from network); 18 Jul 2017 16:35:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Jul 2017 16:35:55 -0000 Authentication-Results: pb1.pair.com smtp.mail=rowan.collins@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=rowan.collins@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.128.196 as permitted sender) X-PHP-List-Original-Sender: rowan.collins@gmail.com X-Host-Fingerprint: 209.85.128.196 mail-wr0-f196.google.com Received: from [209.85.128.196] ([209.85.128.196:36078] helo=mail-wr0-f196.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BE/2B-02884-AE83E695 for ; Tue, 18 Jul 2017 12:35:54 -0400 Received: by mail-wr0-f196.google.com with SMTP id y67so3953638wrb.3 for ; Tue, 18 Jul 2017 09:35:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:user-agent:in-reply-to:references:mime-version :content-transfer-encoding:subject:to:from:message-id; bh=l14+zGRyHyq9nhnTo8qvUtnzBUV4f2twfznpmKk7SeY=; b=A+iER2ati4dNAjEdAo+Qezd8XQDK65bxhIqXGXeyafpCr/ttEdo3EtOQQkq3A6VPiq mHj/TTkARNESsJNAj34e/J1I4Fo0j6CDM7ZJtsoxIllEP4gQP1e8nMrGHpRJ1Ajej+qZ a2rJIODCv/XVP5tCf5MqggtZfA/PoLJKsmewTq7nONnlAD6QO46mKKcUdKCKwT2vsZxb YtfWGj7HHiuPu8trhh6+AouBf0jDC19uPMKcN5eU/VosddSkoJvIF8B8YBDshiDIU8YM mN+1dZ8A7D4TjZG0ESdi84JE2gfv9NRKNgbv6K/EXqeseW4Xxf9/oofrj9+8v2r2hafK afoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:user-agent:in-reply-to:references :mime-version:content-transfer-encoding:subject:to:from:message-id; bh=l14+zGRyHyq9nhnTo8qvUtnzBUV4f2twfznpmKk7SeY=; b=HejfJOZ1PshE0TPla3wCbFLq+mscNCT/96QkZD97xOCpFj2yorDzL5Tpgt31mJU49z jBAlexhg8Wu/2q1nrJ1SofH/k44i+9TgK62AlxDz6RSG0CTr5LfEoITQroIyXrR2p8nr 6eFSkUFoZhWywVlpMsv1VIVnTx+WalU7AmtsbrEwlvNAk8e3gLwHY/McLJQPcHKraoDy 0oOqJnLDNniBvUJ5VxzZZML6RPJeyTcrHxjEz/xiyEPfIjizR9hEItmwPgzEZAD6qeIk 1I7eX87304W69LHBf+npOHb/CevJ30x9hTEItQeLAvf3PtZZ1o3Q5/iOh3dymEGlGErj QQUQ== X-Gm-Message-State: AIVw113CJo215bkieWnNXfzCnVHYLb5g0UdLm39RKlJ/y3YvfYmvVFb8 FwflGjbUloM10TjYkjc= X-Received: by 10.223.171.200 with SMTP id s66mr348236wrc.38.1500395751185; Tue, 18 Jul 2017 09:35:51 -0700 (PDT) Received: from [10.176.165.164] (92.40.248.211.threembb.co.uk. [92.40.248.211]) by smtp.gmail.com with ESMTPSA id l8sm4246103wmd.15.2017.07.18.09.35.50 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Jul 2017 09:35:50 -0700 (PDT) Date: Tue, 18 Jul 2017 17:35:47 +0100 User-Agent: K-9 Mail for Android In-Reply-To: References: <64.32.02884.7983D695@pb1.pair.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable To: internals@lists.php.net Message-ID: <0511022D-E023-485A-8D49-D1EA73973F87@gmail.com> Subject: Re: [PHP-DEV] http_cookie_set and http_cookie_remove From: rowan.collins@gmail.com (Rowan Collins) On 18 July 2017 11:08:10 BST, Dan Ackroyd wrote: >On 18 July 2017 at 00:22, Andreas Treichel wrote: >> Hi, >> >> i want some feedback, about the following idea before i write a rfc=2E >> >> =2E=2E=2E Most of them >> are optional and extensions (e=2Eg=2E same-site) make it even more mess= y=2E > > >Two thoughts: > >i) Cookie functions are easily done in userland=2E > >ii) Adding more stuff to an already complicated thing isn't the way to >make it simple=2E > >Or, to repeat myself: http://news=2Ephp=2Enet/php=2Einternals/90940 > > >> The problem is that you're trying to build on a foundation of sand=2E >> The session handling works but is incredibly fragile=2E I'm not sure why you're quoting that here; cookies and sessions are very d= ifferent things, and there's no intrinsic reason why a cookie API needs to = be complicated (even if the HTTP and JS ones are really horrible)=2E I really like the sound of the proposal, including the separate remove fun= ction - the HTTP specs may be stuck with the awkward implementation of "del= ete by expiry", but there's no reason not to wrap that in something more me= aningful to the user=2E Regards, --=20 Rowan Collins [IMSoP]