I agree there are probably a lot using the default, but I think it’s reasonable
to expect anyone using a header(‘Set-Cookie:..’); call rather than setcookie()
to be aware of the 2nd argument for header(), so this solution sounds good to
> On 18 Oct 2016, at 18:08, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Hi Stephen,
> On Tue, Oct 18, 2016 at 5:54 PM, Stephen Reay <step...@bobs-bits.com> wrote:
>> If the replace flag was fixed, isn’t this then just a case of making sure
>> userland sets replace to false if they want existing set-cookie headers
> Yes and no.
> If users use the replace flag correctly, then it will work. However, I
> don't expect users set replace flag correctly. If replace flag's
> default was opposite, it would work better.
>> Removing the ability to write a custom Set-Cookie header introduces a bigger
>> problem than the current one, IMO.
> OK. Let's just fix the replace flag and document removing 'Set-Cookie'
> header by header() may result in unwanted results.
> Everyone is ok with this?
> Yasuo Ohgaki
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php