Hi Stephen, On Thu, Oct 20, 2016 at 9:41 PM, Stephen Reay <php-li...@koalephant.com> wrote: >> I don't want to get bug report that session lost or some important >> cookie lost somehow. > > Why is your concern so focussed on solving problems for inexperienced > developers, who are effectively using functions incorrectly, at the expense > of experienced developers who are doing the right thing? > This response effectively encourages bad behaviour (did the reporter even > check the docs for header() to see why it’s replacing the session cookie?
The root cause of misuse is header() and setcookie() difference even if both manipulate HTTP header. - header() - Removes HTTP headers previously defined by default. - setcookie() - Appends 'Set-Cookie' HTTP header by default. Unlike header(), no remove feature at all. API design is inappropriate, IMHO. I would like to help users by providing reasonable/expectable APIs. Current header() and setcookie() behavior is reasonable for a individual feature, but mixing them seems not nice. There are 3 people not in favor of 'Set-Cookie' protections in header() Having consistent standard confirming function name means more to me, I may remove 'Set-Cookie' header vote option, if nobody really cares it, since I would like to have smooth RFC process. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
