Skip to content

http_cookie_set and http_cookie_remove#2643

Closed
blar wants to merge 3 commits intophp:masterfrom
blar:http_cookie
Closed

http_cookie_set and http_cookie_remove#2643
blar wants to merge 3 commits intophp:masterfrom
blar:http_cookie

Conversation

@blar
Copy link
Contributor

@blar blar commented Jul 22, 2017

bool http_cookie_set(string $name, string $value [, array $options])

expires: int, default: 0
path: string, default: ""
domain: string, default: ""
secure: bool, default: false
httponly: bool, default: false
encode: int, default: HTTP_COOKIE_ENCODE_RFC1738

Contants for encode option:
HTTP_COOKIE_ENCODE_NONE (same as setrawcookie)
HTTP_COOKIE_ENCODE_RFC1738 (same encoding as setcookie)
HTTP_COOKIE_ENCODE_RFC3986

If encoding is HTTP_COOKIE_ENCODE_NONE, then no encoding is performed. The caller is responsible for a correct encoding.

If encoding is HTTP_COOKIE_ENCODE_RFC1738, then encoding is performed per RFC 1738 and the application/x-www-form-urlencoded media type, which implies that spaces are encoded as plus (+) signs.

If encoding is HTTP_COOKIE_ENCODE_RFC3986, then encoding is performed according to RFC 3986, and spaces will be percent encoded (%20).

Set cookie with httponly without unnecessary pass the default values for $path, $domain or $secure like setcoookie() or setrawcookie()

http_cookie_set('foo', 'bar', [
    'httponly' => true
]);

Disable encoding and encode the value with another function:

http_cookie_set('foo', base64_encode($value), [
    'httponly' => true,
    'encoding' => HTTP_COOKIE_ENCODE_NONE
]);

bool http_cookie_remove(string $name);
Remove a cookie. No more need to look into the manual if the correct value is "", NULL or 0 to remove cookies.

@blar blar mentioned this pull request Jul 23, 2017
Closed
@krakjoe krakjoe added the RFC label Jul 24, 2017
@KalleZ
Copy link
Member

KalleZ commented Aug 23, 2017

I personally would prefer if the naming convention was the same as the already existing one to ensure we don't conflict with pecl/http, e.g.: removecookie() then alter setcookie() to check if the 3rd parameter is an array and handle from there, tho I do agree that removecookie() is a bad name.

Lets see what the other core devs have of thoughts on this

@Girgias
Copy link
Member

Girgias commented Feb 23, 2019

I know this PR is a tad old but couldn't the encoding be specified as a new key in the $options parameter (as of PHP 7.3) for the setcookie (and other related function such as session_set_cookie_params)?
Not sure however if this option would make any sense with setrawcookie but I supposed it should be included with it for consistency (or another option is that setrawcookie is obsolete if you can specify that no encoding should be done on it. But I feel this is a whole other topic subject to bunch of controversies).

@cmb69
Copy link
Member

cmb69 commented Apr 26, 2019
edited
Loading

@Girgias already mentioned that we could add an encode parameter to the options array of setcookie(). Not sure if that would require an RFC, but at least some discussion on the internals@ mailing list appears to be in order. Care to proceed with this @blar?

PS: ah, overlooked http_cookie_remove() which IMHO could be done easily in userland, though.

@krakjoe
Copy link
Member

krakjoe commented May 10, 2021

I'm going to draw a line under this, there didn't seem to be the interest from the OP to keep going.

@krakjoe krakjoe closed this May 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

RFC Waiting on Author

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@blar @KalleZ @Girgias @cmb69 @krakjoe