Ticket Navigation

Ticket #5816 (closed: fixed)

Opened 1 year ago

Last modified 1 year ago

Cookie 'expires' date is modified by locale

Reported by:	Michael Lemaire	Assigned to:	nobody
Milestone:		Component:	HTTP handling
Version:	SVN	Keywords:
Cc:		Triage Stage:	Ready for checkin
Has patch:	1	Needs documentation:	0
Needs tests:	0	Patch needs improvement:	0

Description

When you set the locale to something other than english (I do this in my views.py) the cookie sent by the server with the 'sessionid' has an expire date written with this locale, which makes the cookie rejected by some browsers (like Safari for instance).

I do this at the top of my views.py (after django imports): locale.setlocale(locale.LC_ALL,'fr_FR.utf8')

And the cookie sent in HTTP headers is: Set-Cookie: sessionid=fdb004842a4142ac821ed522a78d54cd; expires=jeu, 08-nov-2007 12:30:48 GMT; Max-Age=1209600; Path=/

Most browsers seems to tolerate this, but not Safari.

Attachments

5816.diff (1.2 kB) - added by Karen Tracey <kmtracey@gmail.com> on 10/25/07 10:26:00.: Restore old date formatting code
http_dates.diff (7.8 kB) - added by SmileyChris on 10/25/07 18:27:04.
http_dates.2.diff (7.7 kB) - added by SmileyChris on 10/25/07 19:49:32.

Change History

10/25/07 07:50:49 changed by Michael Lemaire <thunderkill25@yahoo.fr>

needs_better_patch changed.
needs_tests changed.
needs_docs changed.

10/25/07 10:26:00 changed by Karen Tracey <kmtracey@gmail.com>

attachment 5816.diff added.

Restore old date formatting code

10/25/07 10:29:06 changed by Karen Tracey <kmtracey@gmail.com>

version changed from 0.96 to SVN.
stage changed from Unreviewed to Accepted.

This was previously reported and fixed in #4119, but then the formatting code was changed back to use strftime by changeset 6333 (to fix #2066). Attached patch restores the old code.

10/25/07 10:29:30 changed by Karen Tracey <kmtracey@gmail.com>

has_patch set to 1.

10/25/07 18:27:04 changed by SmileyChris

attachment http_dates.diff added.

10/25/07 18:33:02 changed by SmileyChris

stage changed from Accepted to Ready for checkin.

Good catch, Karen. This did cross my mind when I was updating my session middleware patch but I dismissed it.

My patch adds the following methods to django.utils.http (and refactors code which use them):

cookie_date -- which formats the date to be compatible with the Netscape format

http_date -- which formats the date to be compatible with HTTP

Note that the previous format we were using for a backwards compatible cookie date was actually incorrect, the spec says it should be DD-Mon-YY, not DD-Mon-YYYY.

10/25/07 18:36:35 changed by SmileyChris

Oh, it also replaces the reference to the rfc822 module (deprecated since 2.3) replacing with email.Utils

10/25/07 18:37:54 changed by SmileyChris

And sorry, thanks Michael for the report (creds for the initial patch though, Karen ;))

10/25/07 19:35:00 changed by mtredinnick

needs_better_patch set to 1.
stage changed from Ready for checkin to Accepted.

The problem with specs is that there are so many to choose from. RFC 2109 (not 2019 mentioned in the comments) was poorly accepted in practice and everybody implemented the original Netscape spec, which had four digit years to be compliant with, e.g., RFC 822. So our original code was correct in this respect. Cookies are the most inconsistently specified thing, even for browsers, which a history of poor specification. We only need one date formatting function here.

10/25/07 19:44:40 changed by SmileyChris

I'm guilty of combining patches again here. This ticket only needs cookie_date

...but while I was at it I thought I'd tidy up the HTTP date references too (the formatdate(...)[:26] + 'GMT' code everywhere seems a bit silly) so that's what http_date is for: HTTP headers. We could just use email.Utils.formatdate(usegmt=True) but that only came in in 2.4 so it seemed tidier to abstract it to our own util method.

Re the original Netscape spec - fair enough, I'll fix that.

10/25/07 19:49:32 changed by SmileyChris

attachment http_dates.2.diff added.

10/25/07 19:50:22 changed by SmileyChris

needs_better_patch deleted.
stage changed from Accepted to Ready for checkin.

10/30/07 23:00:54 changed by gwilson

status changed from new to closed.
resolution set to fixed.

Fixed in [6634].

Add/Change #5816 (Cookie 'expires' date is modified by locale)

Your email or username:

Comment (you may use WikiFormatting here):

Change Properties

Summary:
Milestone:		Component:
Version:		Keywords:
Cc:		Triage Stage:
Has patch:		Needs documentation:
Needs tests:		Patch needs improvement:

Action leave as closed
reopen ticket

Download in other formats:

Comma-delimited Text
Tab-delimited Text
RSS Feed

Code