Context Navigation

← Previous Ticket
Next Ticket →

#28965 closed Cleanup/optimization (fixed)

Update cookie date format to follow RFC2616

Reported by:	Alexey	Owned by:	Alexey
Component:	Utilities	Version:	2.0
Severity:	Normal	Keywords:	cookie
Cc:	Sergey Fedoseev	Triage Stage:	Accepted
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	yes	UI/UX:	no

Description (last modified by Alexey)

For some reason Django set expires for cookies with hyphens in date (Tue, 25-Dec-2018 22:26:13 GMT).

Seems it was first introduced in 390666ac2bf8223bede4f78a97836051bc9f9526 to fix #508

The proper format is UTC string (RFC-1123): Tue, 25 Dec 2018 21:15:29 GMT

Change History (14)

comment:1 by Alexey, 6 years ago

Description:	modified (diff)

comment:2 by Tim Graham, 6 years ago

Are you seeing a problematic behavior or is this merely cosmetic?

comment:3 by Sergey Fedoseev, 6 years ago

expires cookie is defined by RFC 6265 (April 2011). It says that server SHOULD format expires cookie value as rfc1123-date, defined in RFC2616 (without hyphens). User agent MUST parse that value more permissively, for example allow hyphens as delimiters.
Currently Django uses format defined by pre-RFC "Netscape cookie specification" mentioned in the introduction of RFC 6265. Perhaps IE understands only that format https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/.

comment:4 by Sergey Fedoseev, 6 years ago

Cc:	Sergey Fedoseev added

comment:5 by Tim Graham, 6 years ago

Summary:	Wrong format for cookie 'expires' → Update cookie date format to follow RFC2616
Triage Stage:	Unreviewed → Accepted
Type:	Bug → Cleanup/optimization

Hopefully nothing will break if we follow the newest RFC.

comment:6 by Alexey, 6 years ago

For me it just cosmetic change.

I think that there is no reason to support browser that is already unsupported.

comment:7 by Alexey, 6 years ago

Owner:	changed from nobody to Alexey
Status:	new → assigned

comment:8 by Alexey, 6 years ago

Has patch:	set

comment:9 by Tim Graham, 6 years ago

Patch needs improvement:	set

I left some comments for improvement on the PR.

comment:10 by Tim Graham, 6 years ago

Patch needs improvement:	unset

I updated the patch to switch usages of cookie_date() to http_date() and added a commit to deprecate the now unused cookie_date() function.

comment:11 by Alexey, 6 years ago

Thanks for a help, Tim!

Should i do anything else with PR?

comment:12 by Tim Graham <timograham@…>, 6 years ago

Resolution:	→ fixed
Status:	assigned → closed

In 0afffae4:

Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.

comment:13 by Tim Graham <timograham@…>, 6 years ago

In ab7f4c33:

Refs #28965 -- Deprecated unused django.utils.http.cookie_date().

comment:14 by Tim Graham <timograham@…>, 5 years ago

In 958a7b4c:

Refs #28965 -- Removed utils.http.cookie_date() per deprecation timeline.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues