Handling Cookies is a Minefield:

inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out.

https://grayduck.mn/2024/11/21/handling-cookies-is-a-minefield/

April King — Handling Cookies is a Minefield

Discrepancies in how browsers and libraries handle HTTP cookies, and the problems caused by such things.

@april @krinkle Hahaha! I ran into this issue about 15 years ago and thought maybe the Cookie2 and Set-Cookie2 headers were the way to go (since they appear to resolve the value of the cookie), but literally no one ever used that header, so it’s deprecated, now.

https://www.rfc-editor.org/rfc/rfc2965
https://www.rfc-editor.org/rfc/rfc6265

RFC 2965: HTTP State Management Mechanism

@ramsey @april @krinkle I think the new and better response is https://www.rfc-editor.org/rfc/rfc9651.html but for some reason this has yet to gain traction in PHP 🤷
RFC 9651: Structured Field Values for HTTP

This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header and trailer fields, known as "Structured Fields", "Structured Headers", or "Structured Trailers". It is intended for use by specifications of new HTTP fields. This document obsoletes RFC 8941.

@nyamsprod @april @krinkle It appears it’s still very new. I’ve never heard of it, but I like what I see.

@ramsey @april @krinkle it's been there for almost 4 years and all new headers from Chrome to whatnot use it already. I even created a PHP package for it. Working on v2 at the moment https://github.com/bakame-php/http-structured-fields
GitHub - bakame-php/http-structured-fields: Structured Field Values for HTTP manipulation in PHP
