Differences

This shows you the differences between two versions of the page.

--- rfc:same-site-cookie [2017/07/24 08:45] – f.bosch_genkgo.nl
+++ rfc:same-site-cookie [2018/09/20 11:09] – Add errata according to https://externals.io/message/103193 cmb
@@ Line 4: / Line 4: @@
   * Author of RFC and creator of PR: Frederik Bosch, f.bosch@genkgo.nl
   * Author of original patch: xistence at 0x90 dot nl
-  * Status: Draft
+  * Status: Implemented (PHP 7.3 via commit [[http://git.php.net/?p=php-src.git;a=commit;h=08b9310|08b9310]] and [[http://git.php.net/?p=php-src.git;a=commit;h=2b58ab2|2b58ab2]].)
   * First Published at: https://wiki.php.net/rfc/same-site-cookie
@@ Line 66: / Line 66: @@
 <code php>
-bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false]]]]]] )
+bool setrawcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false]]]]]] )
-bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, array $options ]]] )
+bool setrawcookie ( string $name [, string $value = "" [, int $expire = 0 [, array $options ]]] )
 </code>
@@ Line 80: / Line 80: @@
 <code php>
+void session_set_cookie_params ( int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] )
 void session_set_cookie_params ( int $lifetime [, array $options ] )
 </code>
@@ Line 111: / Line 112: @@
 ===== Proposed PHP Version(s) =====
-next PHP 7.x
+Next PHP 7.x. Since deadlines have passed for 7.2, this will be 7.3.
 ===== RFC Impact =====
@@ Line 126: / Line 127: @@
 ===== Proposed Voting Choices =====
-This RFC requires a 50%+1 majority. When opening the RFC there will be two questions.
+This RFC requires a 50%+1 majority. If both questions pass, only the one with most votes will be implemented.
-. Add samesite argument to setcookie, setrawcookie and session_set_cookie_params functions.
-. Allow setcookie, setrawcookie and session_set_cookie_params to accept an array of options, with the possible options being path, domain, secure, httponly and samesite.
+=== First implementation suggestion ===
+<doodle title="Add samesite argument to setcookie, setrawcookie and session_set_cookie_params functions?" auth="f.bosch@genkgo.nl" voteType="single" closed="true">
+   * Yes
+   * No
+</doodle>
+=== Second implementation suggestion ===
+<doodle title="Allow setcookie, setrawcookie and session_set_cookie_params to accept an array of options as fourth/second parameter, with the possible options being path, domain, secure, httponly and samesite?" auth="f.bosch@genkgo.nl" voteType="single" closed="true">
+   * Yes
+   * No
+</doodle>
 ===== Patches and Tests =====
-  * [[https://github.com/php/php-src/pull/2613|Github PR #2613]]
+  * [[https://github.com/php/php-src/pull/2613|Github PR #2613 containing the additional argument solution]]
+  * Github PR with the array of options solution will be created when this RFC gets accepted
+  * Implemented via [[http://git.php.net/?p=php-src.git;a=commit;h=08b9310]] and [[http://git.php.net/?p=php-src.git;a=commit;h=2b58ab2]]
+  * Documented via [[http://svn.php.net/viewvc?view=revision&revision=345661]]
 ===== References =====
@@ Line 140: / Line 156: @@
   * [[https://scotthelme.co.uk/csrf-is-dead/|CSRF is dead]]
   * [[https://caniuse.com/#search=samesite|browsers that implement SameSite cookie]]
+===== Errata =====
+The actually implemented alternative signatures of the functions have been slightly changed from the original RFC. See the documentation in the PHP manual for details:
+  * [[http://php.net/manual/en/function.setcookie.php|setcookie()]]
+  * [[http://php.net/manual/en/function.setrawcookie.php|setrawcookie()]]
+  * [[http://php.net/manual/en/function.session-set-cookie-params.php|session_set_cookie_params()]]

Differences

Page Tools