Hi Yasuo, I agree there are probably a lot using the default, but I think it’s reasonable to expect anyone using a header(‘Set-Cookie:..’); call rather than setcookie() to be aware of the 2nd argument for header(), so this solution sounds good to me.
Cheers Stephen > On 18 Oct 2016, at 18:08, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > > Hi Stephen, > > On Tue, Oct 18, 2016 at 5:54 PM, Stephen Reay <step...@bobs-bits.com> wrote: >> If the replace flag was fixed, isn’t this then just a case of making sure >> userland sets replace to false if they want existing set-cookie headers >> retained? > > Yes and no. > > If users use the replace flag correctly, then it will work. However, I > don't expect users set replace flag correctly. If replace flag's > default was opposite, it would work better. > >> Removing the ability to write a custom Set-Cookie header introduces a bigger >> problem than the current one, IMO. > > OK. Let's just fix the replace flag and document removing 'Set-Cookie' > header by header() may result in unwanted results. > > Everyone is ok with this? > > Regards, > > -- > Yasuo Ohgaki > yohg...@ohgaki.net > -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php