On 18 July 2017 11:08:10 BST, Dan Ackroyd <dan...@basereality.com> wrote: >On 18 July 2017 at 00:22, Andreas Treichel <gmb...@gmail.com> wrote: >> Hi, >> >> i want some feedback, about the following idea before i write a rfc. >> >> ... Most of them >> are optional and extensions (e.g. same-site) make it even more messy. > > >Two thoughts: > >i) Cookie functions are easily done in userland. > >ii) Adding more stuff to an already complicated thing isn't the way to >make it simple. > >Or, to repeat myself: http://news.php.net/php.internals/90940 > > >> The problem is that you're trying to build on a foundation of sand. >> The session handling works but is incredibly fragile.
I'm not sure why you're quoting that here; cookies and sessions are very different things, and there's no intrinsic reason why a cookie API needs to be complicated (even if the HTTP and JS ones are really horrible). I really like the sound of the proposal, including the separate remove function - the HTTP specs may be stuck with the awkward implementation of "delete by expiry", but there's no reason not to wrap that in something more meaningful to the user. Regards, -- Rowan Collins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
