Hi Sara, hi Frederik,
Thinking more about this I came to change my vote (and for that reason I’ll
take back the suggestion to include it into 7.2):
The array API is the better API and allows for healthier future growth so we
should pursue that option
There is a (very ugly) workaround to set a same site policy by misusing the
“session.cookie_path” or “session.cookie_domain” setting (e.g. set it to “/;
SameSite=Strict”, you are welcome, Internet).
cu,
Lars
On 28.08.17, 18:20, "Sara Golemon" <p...@golemon.com on behalf of
poll...@php.net> wrote:
On Mon, Aug 28, 2017 at 12:10 PM, Frederik Bosch | Genkgo <f.bo...@genkgo.nl>
wrote:
Little misunderstanding then. I agree we can better have this PHP 7.3 and take
some time for it. Current votes also suggest that we should go for the array
argument implementation. Since there is only a PR for the extra argument
implementation, it will also take time to have the PR for the array argument
implementation ready. Taken that into account, we should not want this in 7.2.
Indeed, yes. Assuming the votes continue on this sharp lean towards the array
option, we should just forget all notions of trying to sneak this into 7.2.
Direct calls in 7.2 and earlier can easily fall back on calling
header('Set-Cookie: ...'); manually, while sessions support is slightly more
complex, but still doable from userspace. I expect if need is deemed high for
this, a drop-in composer package can do 90% of the work automatically.
-Sara
