Hi Sara, hi Frederik,

 

Thinking more about this I came to change my vote (and for that reason I’ll 
take back the suggestion to include it into 7.2):

 
The array API is the better API and allows for healthier future growth so we 
should pursue that option 
There is a (very ugly) workaround to set a same site policy by misusing the 
“session.cookie_path” or “session.cookie_domain” setting (e.g. set it to “/; 
SameSite=Strict”, you are welcome, Internet).
 

cu,

Lars

 

 

On 28.08.17, 18:20, "Sara Golemon" <p...@golemon.com on behalf of 
poll...@php.net> wrote:

 

On Mon, Aug 28, 2017 at 12:10 PM, Frederik Bosch | Genkgo <f.bo...@genkgo.nl> 
wrote:

Little misunderstanding then. I agree we can better have this PHP 7.3 and take 
some time for it. Current votes also suggest that we should go for the array 
argument implementation. Since there is only a PR for the extra argument 
implementation, it will also take time to have the PR for the array argument 
implementation ready. Taken that into account, we should not want this in 7.2.

Indeed, yes. Assuming the votes continue on this sharp lean towards the array 
option, we should just forget all notions of trying to sneak this into 7.2.

 

Direct calls in 7.2 and earlier can easily fall back on calling 
header('Set-Cookie: ...'); manually, while sessions support is slightly more 
complex, but still doable from userspace.  I expect if need is deemed high for 
this, a drop-in composer package can do 90% of the work automatically.

-Sara 

Reply via email to