Hi all,
yesterday I submitted https://bugs.php.net/76906 to report that I wasn't
able to set the "samesite" attribute on cookies while I followed what's
been approved in https://wiki.php.net/rfc/same-site-cookie
Damian answered on the bug report that the $options argument has swallowed
the lifetime one, so that $options is now the 3rd arg and not the 4th as
noted in the RFC.
He suggested me to raise the topic on internals, so here we are.
Are we fine with this? If yes, shouldn't an errata be added to the RFC so
that ppl aren't confused like I was?
Cheers,
Nicolas
yesterday I submitted https://bugs.php.net/76906 to report that I wasn't
able to set the "samesite" attribute on cookies while I followed what's
been approved in https://wiki.php.net/rfc/same-site-cookieDamian answered on the bug report that the $options argument has swallowed
the lifetime one, so that $options is now the 3rd arg and not the 4th as
noted in the RFC.He suggested me to raise the topic on internals, so here we are.
Are we fine with this? If yes, shouldn't an errata be added to the RFC so
that ppl aren't confused like I was?
Related discussion: https://externals.io/message/100304#102909ff.
Not sure if an errata (or amendment) should be added to the RFC, or
whether it is sufficient to document the new signatures in the manual
proper and the migration guide.
--
Christoph M. Becker
Hi,
yesterday I submitted https://bugs.php.net/76906 to report that I wasn't
able to set the "samesite" attribute on cookies while I followed what's
been approved in https://wiki.php.net/rfc/same-site-cookieDamian answered on the bug report that the $options argument has swallowed
the lifetime one, so that $options is now the 3rd arg and not the 4th as
noted in the RFC.He suggested me to raise the topic on internals, so here we are.
Are we fine with this? If yes, shouldn't an errata be added to the RFC so
that ppl aren't confused like I was?Related discussion: https://externals.io/message/100304#102909ff.
Not sure if an errata (or amendment) should be added to the RFC, or
whether it is sufficient to document the new signatures in the manual
proper and the migration guide.
A reminder of some rather ... out of the ordinary things that led us here:
- The RFC author was trying to rush any kind of SameSite
implementation for 7.2, but eventually agreed mid-vote
(https://externals.io/message/100304#100319) to give it another year
for proper discussion, modifications, etc. - However, the vote was not closed and I still question whether it
should be considered valid at all, but if so, it was voted-in WITH an
explicit $expires parameter forsetcookie(),setrawcookie()and an
explicit $lifetime parameter forsession_set_cookie_params(). - As it often happens, no further discussion happened on the list
until 7.3 FF was just about to happen. - It was suggested that we move $expires/$lifetime inside the array,
and we agreed for that onsession_set_cookie_params(), but for
set[raw]cookie(), it was basically one person for it and another one
(me) against it. We didn't reach an agreement; here's the last
on-topic email about it: https://externals.io/message/100304#102964
Since a PR with that change has been merged, apparently a side was
chosen and so be it, I guess. But given all of the above, I think
adding an errata to the RFC is the least that should be done.
Cheers,
Andrey.
On 20.09.2018 at 12:18,Andrey Andreev wrote:
yesterday I submitted https://bugs.php.net/76906 to report that I wasn't
able to set the "samesite" attribute on cookies while I followed what's
been approved in https://wiki.php.net/rfc/same-site-cookieDamian answered on the bug report that the $options argument has swallowed
the lifetime one, so that $options is now the 3rd arg and not the 4th as
noted in the RFC.He suggested me to raise the topic on internals, so here we are.
Are we fine with this? If yes, shouldn't an errata be added to the RFC so
that ppl aren't confused like I was?Related discussion: https://externals.io/message/100304#102909ff.
Not sure if an errata (or amendment) should be added to the RFC, or
whether it is sufficient to document the new signatures in the manual
proper and the migration guide.Since a PR with that change has been merged, apparently a side was
chosen and so be it, I guess. But given all of the above, I think
adding an errata to the RFC is the least that should be done.
The SameSite cookie attribute support has been documented[1], and an
errata section has been added to the RFC[2].
[1] http://svn.php.net/viewvc?view=revision&revision=345661
[2]
https://wiki.php.net/rfc/same-site-cookie?do=diff&rev2%5B0%5D=1537441490&rev2%5B1%5D=1537441776&difftype=inline
--
Christoph M. Becker
On Thu, Sep 20, 2018 at 12:12 PM Christoph M. Becker cmbecker69@gmx.de
wrote:
The SameSite cookie attribute support has been documented[1], and an
errata section has been added to the RFC[2].[1] http://svn.php.net/viewvc?view=revision&revision=345661
[2]
<
https://wiki.php.net/rfc/same-site-cookie?do=diff&rev2%5B0%5D=1537441490&rev2%5B1%5D=1537441776&difftype=inline--
Christoph M. Becker
Thanks! I wasn't sure about editing the RFC as the actual docs would have
it right and UPGRADING also has the right syntax. Either way, having it on
the RFC itself is helpful to clear any confusion.
Regards,
Pedro