id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
4119	Incorrect HTTP-Date format in expire field of HTTP Header	Jari Pennanen	Malcolm Tredinnick	"Currently the Django uses `datetime.strftime` to format it's ''HTTP-Date'', because strftime is localized function it should not be used for it.

Changing locales to something else than English will break Django's session system on some browsers at the current state.

Using `datetime.ctime` instead makes Django's HTTP-Date format automatically correct and it is not anymore locale dependent. `ctime` function also automatically handles the GMT conversion if needed, that is why the patch also changes the `utcnow` to `now`. It conforms the HTTP Specification clearly as in here [http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3 HTTP Specs] is stated (the third choice).

This fixes only expire field in `django.contrib.session.middleware` but the problem might be elsewhere too (mostly where HTTP-Date is used). Common rule is that `strftime` is not meant for fixed date formats."		closed	Contrib apps	dev		fixed	http-date header		Accepted	1	0	0	0	0	0