Incorrect HTTP-Date format in expire field of HTTP Header
|Reported by:||Jari Pennanen||Owned by:||Malcolm Tredinnick|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Currently the Django uses
datetime.strftime to format it's HTTP-Date, because strftime is localized function it should not be used for it.
Changing locales to something else than English will break Django's session system on some browsers at the current state.
datetime.ctime instead makes Django's HTTP-Date format automatically correct and it is not anymore locale dependent.
ctime function also automatically handles the GMT conversion if needed, that is why the patch also changes the
now. It conforms the HTTP Specification clearly as in here HTTP Specs is stated (the third choice).
This fixes only expire field in
django.contrib.session.middleware but the problem might be elsewhere too (mostly where HTTP-Date is used). Common rule is that
strftime is not meant for fixed date formats.
Change History (17)
comment:1 Changed 10 years ago by
|Patch needs improvement:||unset|