rfc:same-site-cookie

Differences

This shows you the differences between two versions of the page.

rfc:same-site-cookie [2017/08/26 15:31] f.bosch_genkgo.nl
rfc:same-site-cookie [2018/09/20 11:09] – Add errata according to https://externals.io/message/103193 cmb
Line 4: Line 4:
   * Author of RFC and creator of PR: Frederik Bosch, f.bosch@genkgo.nl   * Author of RFC and creator of PR: Frederik Bosch, f.bosch@genkgo.nl
   * Author of original patch: xistence at 0x90 dot nl   * Author of original patch: xistence at 0x90 dot nl
-  * Status: Voting+  * Status: Implemented (PHP 7.3 via commit [[http://git.php.net/?p=php-src.git;a=commit;h=08b9310|08b9310]] and [[http://git.php.net/?p=php-src.git;a=commit;h=2b58ab2|2b58ab2]].)
   * First Published at: https://wiki.php.net/rfc/same-site-cookie   * First Published at: https://wiki.php.net/rfc/same-site-cookie
  
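Review bot: The new Status line embeds both commit links, and the hunk at line 148 adds the same two commits (08b9310 and 2b58ab2) again under the patch list, so the references are now maintained in two places. Consider shortening the status to "Implemented (PHP 7.3)" and keeping the commit links only in the patch list; if they stay here, move the trailing period outside the closing parenthesis.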
Line 133: Line 133:
  
  
-<doodle title="Add samesite argument to setcookie, setrawcookie and session_set_cookie_params functions?" auth="f.bosch@genkgo.nl" voteType="single" closed="false">+<doodle title="Add samesite argument to setcookie, setrawcookie and session_set_cookie_params functions?" auth="f.bosch@genkgo.nl" voteType="single" closed="true">
    * Yes    * Yes
    * No    * No
Line 140: Line 140:
 === Second implementation suggestion === === Second implementation suggestion ===
  
-<doodle title="Allow setcookie, setrawcookie and session_set_cookie_params to accept an array of options as fourth/second parameter, with the possible options being path, domain, secure, httponly and samesite?" auth="f.bosch@genkgo.nl" voteType="single" closed="false">+<doodle title="Allow setcookie, setrawcookie and session_set_cookie_params to accept an array of options as fourth/second parameter, with the possible options being path, domain, secure, httponly and samesite?" auth="f.bosch@genkgo.nl" voteType="single" closed="true">
    * Yes    * Yes
    * No    * No
Line 148: Line 148:
   * [[https://github.com/php/php-src/pull/2613|Github PR #2613 containing the additional argument solution]]   * [[https://github.com/php/php-src/pull/2613|Github PR #2613 containing the additional argument solution]]
   * Github PR with the array of options solution will be created when this RFC gets accepted   * Github PR with the array of options solution will be created when this RFC gets accepted
 +  * Implemented via [[http://git.php.net/?p=php-src.git;a=commit;h=08b9310]] and [[http://git.php.net/?p=php-src.git;a=commit;h=2b58ab2]]
 +  * Documented via [[http://svn.php.net/viewvc?view=revision&revision=345661]]
  
 ===== References ===== ===== References =====
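Review bot: The unchanged bullet "Github PR with the array of options solution will be created when this RFC gets accepted" now sits directly above the new "Implemented via" bullet and is stale, since the Status line in this same revision marks the RFC as implemented. Reword it to say where the array-of-options form landed, or drop it. The two added bullets also use bare [[url]] links, while the Status line labels the same commits 08b9310 and 2b58ab2; reusing those labels here would keep the list readable.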
Line 154: Line 156:
   * [[https://scotthelme.co.uk/csrf-is-dead/|CSRF is dead]]   * [[https://scotthelme.co.uk/csrf-is-dead/|CSRF is dead]]
   * [[https://caniuse.com/#search=samesite|browsers that implement SameSite cookie]]   * [[https://caniuse.com/#search=samesite|browsers that implement SameSite cookie]]
 +
 +===== Errata =====
 +
 +The actually implemented alternative signatures of the functions have been slightly changed from the original RFC. See the documentation in the PHP manual for details: 
 +  * [[http://php.net/manual/en/function.setcookie.php|setcookie()]]
 +  * [[http://php.net/manual/en/function.setrawcookie.php|setrawcookie()]]
 +  * [[http://php.net/manual/en/function.session-set-cookie-params.php|session_set_cookie_params()]]
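Review bot: The Errata paragraph states that the implemented signatures "have been slightly changed from the original RFC" without saying what changed, so a reader has to compare the RFC text against three manual pages to find the difference. Add a sentence per function (or one before/after signature) that names the change, and keep the manual links as the reference. The sentence itself would read better as "The alternative signatures as actually implemented differ slightly from the original RFC", and the added line ends with a trailing space after the colon.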
rfc/same-site-cookie.txt · Last modified: 2022/11/21 11:07 by girgias