rfc:same-site-cookie

Differences

This shows you the differences between two versions of the page.

rfc:same-site-cookie [2017/08/26 15:31] f.bosch_genkgo.nl
rfc:same-site-cookie [2022/11/21 11:07] (current) – Point commits to GitHub girgias
Line 4: Line 4:
   * Author of RFC and creator of PR: Frederik Bosch, f.bosch@genkgo.nl   * Author of RFC and creator of PR: Frederik Bosch, f.bosch@genkgo.nl
   * Author of original patch: xistence at 0x90 dot nl   * Author of original patch: xistence at 0x90 dot nl
-  * Status: Voting+  * Status: Implemented (PHP 7.3 via commit [[https://github.com/php/php-src/commit/08b9310|08b9310]] and [[https://github.com/php/php-src/commit/2b58ab2|2b58ab2]].)
   * First Published at: https://wiki.php.net/rfc/same-site-cookie   * First Published at: https://wiki.php.net/rfc/same-site-cookie
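Review bot: In the new Status line the sentence period sits inside the closing parenthesis after the second commit link (`2b58ab2]].)`), while the neighbouring list items carry no terminal punctuation; drop the period so the item ends at the parenthesis. The same two commits are linked again in the patch list later in this revision, so consider keeping the hashes in one place only.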
  
Line 133: Line 133:
  
  
-<doodle title="Add samesite argument to setcookie, setrawcookie and session_set_cookie_params functions?" auth="f.bosch@genkgo.nl" voteType="single" closed="false">+<doodle title="Add samesite argument to setcookie, setrawcookie and session_set_cookie_params functions?" auth="f.bosch@genkgo.nl" voteType="single" closed="true">
    * Yes    * Yes
    * No    * No
Line 140: Line 140:
 === Second implementation suggestion === === Second implementation suggestion ===
  
-<doodle title="Allow setcookie, setrawcookie and session_set_cookie_params to accept an array of options as fourth/second parameter, with the possible options being path, domain, secure, httponly and samesite?" auth="f.bosch@genkgo.nl" voteType="single" closed="false">+<doodle title="Allow setcookie, setrawcookie and session_set_cookie_params to accept an array of options as fourth/second parameter, with the possible options being path, domain, secure, httponly and samesite?" auth="f.bosch@genkgo.nl" voteType="single" closed="true">
    * Yes    * Yes
    * No    * No
Line 148: Line 148:
   * [[https://github.com/php/php-src/pull/2613|Github PR #2613 containing the additional argument solution]]   * [[https://github.com/php/php-src/pull/2613|Github PR #2613 containing the additional argument solution]]
   * Github PR with the array of options solution will be created when this RFC gets accepted   * Github PR with the array of options solution will be created when this RFC gets accepted
 +  * Implemented via [[https://github.com/php/php-src/commit/08b9310]] and [[https://github.com/php/php-src/commit/2b58ab2]]
 +  * Documented via [[https://github.com/php/doc-en/commit/ffe8f84ec5ec175a2b8ddf23a569d4e621866d76]]
  
 ===== References ===== ===== References =====
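Review bot: The unchanged item directly above the two added lines still says the array-of-options PR "will be created when this RFC gets accepted", which reads as stale next to the new "Implemented via" item; reword or remove it in the same edit. The added links are also bare `[[url]]` forms, whereas the Status line labels the same commits as `08b9310` and `2b58ab2`; use the labelled form here too so the rendered list shows short hashes rather than full URLs.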
Line 154: Line 156:
   * [[https://scotthelme.co.uk/csrf-is-dead/|CSRF is dead]]   * [[https://scotthelme.co.uk/csrf-is-dead/|CSRF is dead]]
   * [[https://caniuse.com/#search=samesite|browsers that implement SameSite cookie]]   * [[https://caniuse.com/#search=samesite|browsers that implement SameSite cookie]]
 +
 +===== Errata =====
 +
 +The actually implemented alternative signatures of the functions have been slightly changed from the original RFC. See the documentation in the PHP manual for details: 
 +  * [[http://php.net/manual/en/function.setcookie.php|setcookie()]]
 +  * [[http://php.net/manual/en/function.setrawcookie.php|setrawcookie()]]
 +  * [[http://php.net/manual/en/function.session-set-cookie-params.php|session_set_cookie_params()]]
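Review bot: The Errata paragraph says the implemented signatures "have been slightly changed from the original RFC" but does not say what changed, so a reader has to follow three manual links to find out; add one sentence naming the difference. The three manual links also use `http://php.net/...` while the other links added in this revision are `https://`; switch them to https for consistency.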
rfc/same-site-cookie.1503761514.txt.gz · Last modified: 2017/09/22 13:28 (external edit)