[PHP-DEV] http_cookie_set and http_cookie_remove

Mon, 17 Jul 2017 15:22:37 -0700 

Hi,

i want some feedback, about the following idea before i write a rfc.

Problem:
The functions setcookie and setrawcookie has many parameters. Most of them are optional and extensions (e.g. same-site) make it even more messy. 

The functions setcookie and setrawcookie has 8 parameters.
bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false ]]]]]] )
bool setrawcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )
With the changes from https://wiki.php.net/rfc/same-site-cookie the functions setcookie and setrawcookie even has 9 parameters.
bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false [, string $samesite = "" ]]]]]]] )
bool setrawcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false [, string $samesite = "" ] ]]]]]] ) 


How to change this?
Add two new functions http_cookie_set and http_cookie_remove.

bool http_cookie_set(string $name, string $value [, array $options])

$options are equal to the optional parameters of setcookie and setrawcookie.
$options may contain:

expires: int
path: string
domain: string
secure: bool
httponly: bool
encode is an additional option to remove the requirement of a raw and non raw function. 

encode: int
    HTTP_COOKIE_ENCODE_NONE (same as setrawcookie)
    HTTP_COOKIE_ENCODE_RFC1738 (same as setcookie)
    HTTP_COOKIE_ENCODE_RFC3986



Example:

Set cookie with httponly and skip all other options.

http_cookie_add('foo', 'bar', [
    'httponly' => true
]);

This is identical to, but much less readable:
setcookie('foo', 'bar', 0, '', '', false, true);


Full example with all options:

http_cookie_set('foo', 'bar', [
    'expires' => time() + 3600,
    'path' => '/',
    'domain => 'www.example.com',
    'secure' => true,
    'httponly' => true,
    'encode' => HTTP_COOKIE_ENCODE_RFC1738
]);


bool http_cookie_remove(string $name)

Why http_cookie_remove?
I do not find it self explanatory that setcookie('foo', "") or setcookie('foo', NULL) delete a cookie. 



--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to