On 14.01.2023 at 16:14, G. P. B. <george.bany...@gmail.com> wrote:
> I would like to start the discussion about the Add SameSite cookie
> attribute parameter RFC:
> https://wiki.php.net/rfc/same-site-parameter
> 
> This proposes to add an optional same site parameter to the setrawcookie(),
> setcookie() and session_set_cookie_params() that takes a value of a new
> SameSite enum:
> 
> enum SameSite {
>    case None;
>    case Lax;
>    case Strict;
> }


Some comments:
- I am not convinced that we should introduce a third way of providing 
parameters to setcookie(). I don't think this function is used often enough in 
common code to add yet another iteration of the API. Assuming there are 1 to 2 
places in your framework using this I don't think many bugs will go unnoticed. 
Adding a warning to illegal 'samesite' values in $options would IMHO be enough 
if stricter checking is wished for.
- I don't like the camelCase of $sameSite as this is different from all the 
other parameters, e.g. $expires_or_options (yes, this is a pseudo-parameter 
name, I know) and $httponly. Looking at a couple of functions in the standard 
PHP set I didn't see any $camelCase.
- A more generic question: How are Enums handled concerning future additions of 
values vs. BC compatibility? What is the migration plan there if one wants to 
support both old and new PHP versions?

Regards,
- Chris

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
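
The warning on illegal 'samesite' values in $options that the reply above suggests could look like this as a userland check placed in front of setcookie(). This is an added example, not code from the RFC, from PHP itself, or from either author; the helper name checked_cookie_options(), the case-insensitive matching and the choice to drop an illegal value are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of PHP or the RFC): validates the 'samesite'
// entry of a setcookie() $options array before it is passed to setcookie().
const SAMESITE_VALUES = ['None', 'Lax', 'Strict'];

function checked_cookie_options(array $options): array
{
    if (!array_key_exists('samesite', $options)) {
        return $options;
    }

    // Match case-insensitively and normalise to the canonical spelling.
    $raw = $options['samesite'];
    $canonical = null;
    if (is_string($raw)) {
        foreach (SAMESITE_VALUES as $allowed) {
            if (strcasecmp($raw, $allowed) === 0) {
                $canonical = $allowed;
                break;
            }
        }
    }

    if ($canonical === null) {
        // Assumption: warn and drop the attribute, so a typo is reported
        // instead of being sent to the browser as an unknown value.
        trigger_error("Illegal 'samesite' value " . var_export($raw, true)
            . ", attribute dropped", E_USER_WARNING);
        unset($options['samesite']);
        return $options;
    }

    // Browsers reject SameSite=None cookies that lack the Secure attribute.
    if ($canonical === 'None' && empty($options['secure'])) {
        trigger_error("SameSite=None requires 'secure' => true", E_USER_WARNING);
    }

    $options['samesite'] = $canonical;
    return $options;
}

// Constructed sample inputs.
var_dump(checked_cookie_options(['samesite' => 'lax', 'httponly' => true]));
var_dump(checked_cookie_options(['samesite' => 'Strcit'])); // typo: warning
var_dump(checked_cookie_options(['samesite' => 'None']));   // no 'secure': warning
```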