Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:99906
Return-Path: <gmblar@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 64381 invoked from network); 18 Jul 2017 16:39:55 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Jul 2017 16:39:55 -0000
X-Host-Fingerprint: 62.180.109.77 unknown  
Received: from [62.180.109.77] ([62.180.109.77:19092] helo=localhost.localdomain)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 86/8B-02884-8D93E695 for <internals@lists.php.net>; Tue, 18 Jul 2017 12:39:53 -0400
Message-ID: <86.8B.02884.8D93E695@pb1.pair.com>
To: internals@lists.php.net
References: <64.32.02884.7983D695@pb1.pair.com>
 <CAPhkiZy1Xo4mj758mtjcMGnX2PV0VsiHa9uN_Ka=1xiiXAx7Mg@mail.gmail.com>
Date: Tue, 18 Jul 2017 18:39:47 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:45.0)
 Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CAPhkiZy1Xo4mj758mtjcMGnX2PV0VsiHa9uN_Ka=1xiiXAx7Mg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Posted-By: 62.180.109.77
Subject: Re: [PHP-DEV] http_cookie_set and http_cookie_remove
From: gmblar@gmail.com (Andreas Treichel)

Hello Andrey,

>> $options are equal to the optional parameters of setcookie and setrawcookie.
>> $options may contain:
>>
>> expires: int
>> path: string
>> domain: string
>> secure: bool
>> httponly: bool

> 1. The wording here implies that these are the *only* attributes
> allowed. In the interest of forward-compatibility, I'd allow arbitrary
> attributes as well.

This are the only supported options in the current implementation. 
Future extension like samesite cookies can add more options. Unknown 
options are ignored and trigger a warning.


>> encode is an additional option to remove the requirement of a raw and non
>> raw function.
>>
>> encode: int
>>     HTTP_COOKIE_ENCODE_NONE (same as setrawcookie)
>>     HTTP_COOKIE_ENCODE_RFC1738 (same as setcookie)
>>     HTTP_COOKIE_ENCODE_RFC3986

> 2. I don't think this is necessary, nor that it belongs in the $options array.

Most users dont know the correct encoding for cookies. This idea is from 
the $enc_type parameter of http://php.net/http_build_query. The 
documentation of http_cookie_set() should explain it the same way.

Maybe i can move it out of the $options array and add an extra parameter 
for the encoding, if the $options are the wrong location for this.


> Anybody who'd use it, would have to read RFC1738 and/or RFC3986 to
> know what they do.

This is the same as setcookie(). No one has to read the rfc, which is 
not interested as it exactly works. HTTP_COOKIE_ENCODE_RFC1738 is the 
default for the encode option and encode the value the same ways as 
setcookie encode it.

the default values for the options are the same as thr parameters for 
the current setcookie(). The default values for the $options:

expires: int, default: 0
path: string, default: ""
domain: string, default: ""
secure: bool, default: false
httponly: bool, default: false
encode: int, default: HTTP_COOKIE_ENCODE_RFC1738


> And as the constant names aren't particularly short either, it is
> easier for me to just apply an encoding function directly to $value
> before passing it.

The current names of the constants are not short, but in most cases i 
think you dont need it.


> Also, RFC 6265 (section 4.1.1) only mentions Base64 as a suggestion
> for encoding (and that's a SHOULD).
> Link: https://tools.ietf.org/html/rfc6265#section-4.1.1

http_cookie_set() use the same encoding per default as setcookie().