diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2018-07-31 12:48:33 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2018-07-31 12:48:33 +0200 |
commit | 974abd8b432a3d495539ebcfb864ae7340ee0f53 (patch) | |
tree | 1e09cd4fa5e592029b9fdc536ec1ed1090541f22 | |
parent | 2b58ab23c6ad3301b31a2015f5faa31801147dfd (diff) | |
download | php-git-974abd8b432a3d495539ebcfb864ae7340ee0f53.tar.gz |
Update UPGRADING wrt. samesite cookie RFC
Cf. <https://wiki.php.net/rfc/same-site-cookie>.
-rw-r--r-- | UPGRADING | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -332,11 +332,23 @@ JSON: precedence over JSON_THROW_ON_ERROR. (RFC: https://wiki.php.net/rfc/json_throw_on_error) +Session: + . session_set_cookie_params() now also supports the following signature: + session_set_cookie_params(array $options) + where $options is an associative array which may have any of the keys + "lifetime", "path", "domain", "secure", "httponly" and "samesite". + Accordingly, the return value of session_get_cookie_params() now also has an + element with the key "samesite". + Standard: . debug_zval_dump() was changed to display recursive arrays and objects in the same way as var_dump(). Now, it doesn't display them twice. . array_push() and array_unshift() can now also be called with a single argument, which is particularly convenient wrt. the spread operator. + . setcookie() and setrawcookie() now also support the following signature: + set(raw)cookie(string $name, [string $value, [array $options]]) + where $options is an associative array which may have any of the keys + "lifetime", "path", "domain", "secure", "httponly" and "samesite". PCRE: . preg_quote() now also escapes the '#' character. @@ -507,6 +519,11 @@ Standard: . This INI directive has been removed. The value has already been ignored since PHP 5.3.0. +- session.cookie_samesite + . New INI option to allow to set the SameSite directive for cookies. Defaults + to "" (empty string), so no SameSite directive is set. Can be set to "Lax" + or "Strict", which sets the respective SameSite directive. + - syslog.facility - New INI to set syslog facility which specifies what type of program is logging the message. It is used only when error_log is set to syslog. |