On Sun, Jul 22, 2018 at 1:16 PM Andrey Andreev <n...@devilix.net> wrote:
> Ok, I can see how it can be inconvenient for > session_set_cookie_params(), though calling it "extremely" unfriendly > is some exaggeration IMO. Hi, Right, I may have been a bit overly dramatic. :) > But while I didn't quote that part of your > message, you did also suggest to apply the same decision to other > functions and so I am talking about all of them. > > I'd be ok with this for session_set_cookie_params() alone, but not for > set[raw]cookie(). > I thought your comment was about session_set_cookie_params only because your reasoning about lifetime (as a relative amount of time) being a PHP construct only makes sense there. So I'm not sure why for set[raw]cookie the expires attribute would be treated different from the others? Max-Age is derived from it, but the value you pass to expires will be directly used in the cookie attribute (although in a different datetime format). Some other attributes are also not used verbatim. For instance, 'secure' being true or false also means the `secure;` attribute being present or omitted. Thinking again from the perspective of the user, I would find it annoying to have the expires attribute separate from the others. Regards, Pedro
