Hi everybody,

I strongly believe this is something we should ship with 7.2. That would give 
the ecosystem a 1-year head with a feature that could eventually help eradicate 
CSRF. I would argue that this is worth the unorthodox circumnavigation of our 
policies. Do you think that’s outrageously crazy?

cu,
Lars

On 24.07.17, 10:53, "Frederik Bosch | Genkgo" <f.bo...@genkgo.nl> wrote:

LS,

Because of the valid arguments to set(raw)cookie and
session_set_cookie_params to become lengthy functions, I reconsidered
the proposal. It now consists of two possibilities. One is add samesite
as argument and second one is to have these functions accept an array of
options. One can read the changes in the proposal
https://wiki.php.net/rfc/same-site-cookie.

When both solutions will be rejected, the floor will be completely open
for the proposal of http_cookie_set/remove since we then investigated
all the possible solutions to the current set of functions.

Best,
Frederik

On 20-07-17 10:10, Frederik Bosch | Genkgo wrote:

LS,

All concerns that have been put forward are updated in the RFC
document. See https://wiki.php.net/rfc/same-site-cookie. I am going to
start the voting on August 1, 2017. Exactly two weeks after I posted
the RFC on the internals list. If new concerns are put forward in the
meanwhile, I will of course update the RFC.

Best,
Frederik

On 19-07-17 17:06, Andrey Andreev wrote:

Hi,

Not realizing I was looking at EOL dates, I (unintentionally) provided
some wrong info yesterday:

On Tue, Jul 18, 2017 at 5:13 PM, Andrey Andreev <n...@devilix.net> wrote:

- HttpOnly was released with PHP 5.2.0 in January 2011 - just 3 months prior
to IETF RFC 6265 (April 2011) becoming a standards track.

PHP 5.2 was of course released way back, in 2006. My apologies for that.

Cheers,
Andrey.

-- 
Frederik Bosch
Partner

Mail: f.bo...@genkgo.nl <mailto:f.bo...@genkgo.nl>
Web: support.genkgo.com <https://support.genkgo.com>

Entrada 123
Amsterdam
+31 208 943 931

Genkgo B.V. is registered with the Chamber of Commerce under number 56501153
