Opened 9 months ago

Closed 9 months ago

Last modified 9 months ago

#28965 closed Cleanup/optimization (fixed)

Update cookie date format to follow RFC2616

Reported by: Alexey
Owned by: Alexey
Component: Utilities
Version: 2.0
Severity: Normal
Keywords: cookie
Cc: Sergey Fedoseev
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description (last modified by Alexey)

For some reason Django sets expires for cookies with hyphens in the date (Tue, 25-Dec-2018 22:26:13 GMT).

It seems it was first introduced in 390666ac2bf8223bede4f78a97836051bc9f9526 to fix #508.

The proper format is UTC string (RFC-1123): Tue, 25 Dec 2018 21:15:29 GMT

Change History (13)

comment:1 Changed 9 months ago by Alexey

Description: modified (diff)

comment:2 Changed 9 months ago by Tim Graham

Are you seeing a problematic behavior or is this merely cosmetic?

comment:3 Changed 9 months ago by Sergey Fedoseev

The expires cookie is defined by RFC 6265 (April 2011). It says that the server SHOULD format the expires cookie value as rfc1123-date, defined in RFC2616 (without hyphens). The user agent MUST parse that value more permissively, for example allowing hyphens as delimiters.
Currently Django uses the format defined by the pre-RFC "Netscape cookie specification" mentioned in the introduction of RFC 6265. Perhaps IE understands only that format: https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/
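
The two formats discussed in comment 3, and a permissive user-agent parse that accepts both, as an added example that is not part of the ticket or Django's code. `rfc1123_date`, `netscape_date` and `parse_cookie_date` are hypothetical names, and the parser is a simplified reading of RFC 6265 section 5.1.1 using only the Python standard library.

```python
import calendar
import re
from email.utils import formatdate

# Added example; function names are hypothetical, not Django's API.
MONTHS = ["jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec"]
# Delimiter set from RFC 6265 section 5.1.1; it includes "-", "," and space.
DELIMS = re.compile(r"[\x09\x20-\x2f\x3b-\x40\x5b-\x60\x7b-\x7e]+")
TIME = re.compile(r"(\d{1,2}):(\d{1,2}):(\d{1,2})(?!\d)")
DAY = re.compile(r"(\d{1,2})(?!\d)")
YEAR = re.compile(r"(\d{2,4})(?!\d)")


def rfc1123_date(epoch):
    """Hyphen-free form, e.g. 'Tue, 25 Dec 2018 21:15:29 GMT'."""
    return formatdate(epoch, usegmt=True)


def netscape_date(epoch):
    """Legacy hyphenated form, e.g. 'Tue, 25-Dec-2018 21:15:29 GMT'."""
    d = rfc1123_date(epoch)
    return "%s-%s-%s" % (d[:7], d[8:11], d[12:])


def parse_cookie_date(value):
    """Permissive user-agent parse; returns epoch seconds or None."""
    time = day = month = year = None
    for tok in DELIMS.split(value):
        if time is None and (m := TIME.match(tok)):
            time = tuple(int(g) for g in m.groups())
        elif day is None and (m := DAY.match(tok)):
            day = int(m.group(1))
        elif month is None and tok[:3].lower() in MONTHS:
            month = MONTHS.index(tok[:3].lower()) + 1
        elif year is None and (m := YEAR.match(tok)):
            year = int(m.group(1))
    if None in (time, day, month, year):
        return None
    if 70 <= year <= 99:  # two-digit years map to 1970-1999
        year += 1900
    elif year <= 69:      # and to 2000-2069
        year += 2000
    h, mi, s = time
    if not 1 <= day <= 31 or year < 1601 or h > 23 or mi > 59 or s > 59:
        return None
    return calendar.timegm((year, month, day, h, mi, s))
```

Because "-" is in the delimiter set, a compliant parser reads the hyphenated and hyphen-free strings as the same instant; only clients with stricter, non-conforming parsers would notice the change.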

comment:4 Changed 9 months ago by Sergey Fedoseev

Cc: Sergey Fedoseev added

comment:5 Changed 9 months ago by Tim Graham

Summary: Wrong format for cookie 'expires' → Update cookie date format to follow RFC2616
Triage Stage: Unreviewed → Accepted
Type: Bug → Cleanup/optimization

Hopefully nothing will break if we follow the newest RFC.

comment:6 Changed 9 months ago by Alexey

For me it is just a cosmetic change.

I think that there is no reason to support a browser that is already unsupported.

comment:7 Changed 9 months ago by Alexey

Owner: changed from nobody to Alexey
Status: new → assigned

comment:8 Changed 9 months ago by Alexey

Has patch: set

comment:9 Changed 9 months ago by Tim Graham

Patch needs improvement: set

I left some comments for improvement on the PR.

comment:10 Changed 9 months ago by Tim Graham

Patch needs improvement: unset

I updated the patch to switch usages of cookie_date() to http_date() and added a commit to deprecate the now unused cookie_date() function.

comment:11 Changed 9 months ago by Alexey

Thanks for the help, Tim!

Should I do anything else with the PR?

comment:12 Changed 9 months ago by Tim Graham <timograham@…>

Resolution: fixed
Status: assigned → closed

In 0afffae4:

Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.

comment:13 Changed 9 months ago by Tim Graham <timograham@…>

In ab7f4c33:

Refs #28965 -- Deprecated unused django.utils.http.cookie_date().
