On Thu, Dec 27, 2012 at 9:51 PM, Andrey Andreev <n...@bofh.bg> wrote:
> Quoting Sherif Ramadan <theanomaly...@gmail.com>: > > There's no mention in the RFC of how the functionality will work in PHP. >> Is >> it possible to add example code of how it is to be used based on this >> implementation? >> > > "Max-Age" would simply be added to all Set-Cookie headers, after the > "Expires" attribute. I thought that was obvious, but I'll make sure to add > a few examples to make it clearer. Well, even if it were obvious the RFC should be a technical specification of what's being introduced. Things should be stated and explained there as clearly as possible. At least so much so that people shouldn't have to guess about what is going to actually happen when they run certain code. For example, how are session cookies affected? What determines the actual delta? I would assume it's the determined by the Unix timestamp supplied to setcookie? Should setting this attribute in the response headers be included automatically for session cookies? I would think it would, but I'm not certain since it's not mentioned. Other than some brief examples of usage and perhaps including those small details I think it's pretty clear and I like the idea :) Thanks for taking the time on that. > > > What BC breaks it introduced (if any)? Can there be an >> option to use both Max-Age and Expires cookie attributes with the >> introduced changes? How does the user know which attribute is being set? >> None of this information seems to be in the RFC. >> > > This is all (briefly) described under the "Technical details and > considerations" section - both attributes should be sent and no side > effects and/or breaking changes are expected. > > As for how a user would know it - just like with the current cookies being > sent (either via setcookie() or by ext/session), by looking at their > Set-Cookie HTTP headers. > >
