> Le 14 janv. 2023 à 16:14, G. P. B. <george.bany...@gmail.com> a écrit :
>
> Hello Internals,
>
> I would like to start the discussion about the Add SameSite cookie
> attribute parameter RFC:
> https://wiki.php.net/rfc/same-site-parameter
>
> This proposes to add an optional same site parameter to the setrawcooki(),
> setcookie() and session_set_cookie_params() that takes a a value a new
> SameSite enum:
>
> enum SameSite {
> case None;
> case Lax;
> case Strict;}
>
>
> Best regards,
>
> George P. Banyard
Hi,
Some technical remarks:
* The new parameter name should be `$samesite` (all lowercase), in order to
match with the casing of the corresponding key in `$options`.
* I think that you should add the case `SameSite::Omit` (which is the current
default). This is not only for BC, but also for FC if, for some reason,
`SameSite: Lax` is replaced by some attribute that supersedes it. Or if
`SameSite: Lax` becomes the default, and therefore redundant. — Having
`SameSite::Omit` instead of `null` would mean that it would be difficult to
miss it by accident.
That said, I am much more interested in being able to add custom cookie
attributes. Back when SameSite was introduced (on the web, not in PHP), I
recall that I had to use some hack in order to include them in my session
cookie (before upgrading to PHP 7.3). The new cookie attributes mentioned by
Nicolas in the other mail are probably too experimental in order to support
them officially, but it could be interesting to be able to include them
nonetheless, e.g. using some `customAttributes` parameter.
—Claude
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
