8000 http_cookie_set and http_cookie_remove by blar · Pull Request #2643 · php/php-src · GitHub
[go: up one dir, main page]

Skip to content

http_cookie_set and http_cookie_remove #2643

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

http_cookie_set and http_cookie_remove #2643

wants to merge 3 commits into from

Conversation

blar
Copy link
Contributor
@blar blar commented Jul 22, 2017

bool http_cookie_set(string $name, string $value [, array $options])

expires: int, default: 0
path: string, default: ""
domain: string, default: ""
secure: bool, default: false
httponly: bool, default: false
encode: int, default: HTTP_COOKIE_ENCODE_RFC1738

Contants for encode option:
HTTP_COOKIE_ENCODE_NONE (same as setrawcookie)
HTTP_COOKIE_ENCODE_RFC1738 (same encoding as setcookie)
HTTP_COOKIE_ENCODE_RFC3986

If encoding is HTTP_COOKIE_ENCODE_NONE, then no encoding is performed. The caller is responsible for a correct encoding.

If encoding is HTTP_COOKIE_ENCODE_RFC1738, then encoding is performed per RFC 1738 and the application/x-www-form-urlencoded media type, which implies that spaces are encoded as plus (+) signs.

If encoding is HTTP_COOKIE_ENCODE_RFC3986, then encoding is performed according to RFC 3986, and spaces will be percent encoded (%20).

Set cookie with httponly without unnecessary pass the default values for $path, $domain or $secure like setcoookie() or setrawcookie()

http_cookie_set('foo', 'bar', [
    'httponly' => true
]); 

Disable encoding and encode the value with another function:

http_cookie_set('foo', base64_encode($value), [
    'httponly' => true,
    'encoding' => HTTP_COOKIE_ENCODE_NONE
]);

bool http_cookie_remove(string $name);
Remove a cookie. No more need to look into the manual if the correct value is "", NULL or 0 to remove cookies.

@blar blar mentioned this pull request Jul 23, 2017
@krakjoe krakjoe added the RFC label Jul 24, 2017
@KalleZ
Copy link
Member
KalleZ commented Aug 23, 2017

I personally would prefer if the naming convention was the same as the already existing one to ensure we don't conflict with pecl/http, e.g.: removecookie() then alter setcookie() to check if the 3rd parameter is an array and handle from there, tho I do agree that removecookie() is a bad name.

Lets see what the other core devs have of thoughts on this

@Girgias
Copy link
Member
Girgias commented Feb 23, 2019

I know this PR is a tad old but couldn't the encoding be specified as a new key in the $options parameter (as of PHP 7.3) for the setcookie (and other related function such as session_set_cookie_params)?
Not sure however if this option would make any sense with setrawcookie but I supposed it should be included with it for consistency (or another option is that setrawcookie is obsolete if you can specify that no encoding should be done on it. But I feel this is a whole other topic subject to bunch of controversies).

@cmb69
Copy link
Member
cmb69 commented Apr 26, 2019

@Girgias already mentioned that we could add an encode parameter to the options array of setcookie(). Not sure if that would require an RFC, but at least some discussion on the internals@ mailing list appears to be in order. Care to proceed with this @blar?

PS: ah, overlooked http_cookie_remove() which IMHO could be done easily in userland, though.

@krakjoe
Copy link
Member
krakjoe commented May 10, 2021

I'm going to draw a line under this, there didn't seem to be the interest from the OP to keep going.

@krakjoe krakjoe closed this May 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants
0