Context Navigation

← Previous Ticket
Next Ticket →

#5562 closed (fixed)

delete_cookie function in HttpResponse should set 'expires' to a time string, not 0

Reported by:	ljpsfree <caifen1985@…>	Owned by:	nobody
Component:	HTTP handling	Version:	dev
Severity:		Keywords:
Cc:		Triage Stage:	Ready for checkin
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

In this function,
```
  self.cookies[key]['expires'] = 0
```
Here the expire time set to a number, but it should set to a time string. The browser can't set the expire time for this cookie, so it will not be removed.I just set the expires time to a GMT beginning time string, and it works correct.
```
 self.cookies[key]['expires'] = "Thu 1-Jan-1970 00:00:00 GMT"
```

Attachments (2)

delete_cookie.patch (126 bytes ) - added by ljpsfree <caifen1985@…> 17 years ago.
5562.patch (844 bytes ) - added by Chris Beaven 17 years ago.

Download all attachments as: .zip

Change History (7)

by ljpsfree <caifen1985@…>, 17 years ago

Attachment:	delete_cookie.patch added

by Chris Beaven, 17 years ago

Attachment:	5562.patch added

comment:1 by Chris Beaven, 17 years ago

Summary:	delete_cookie function in HttpResponse object doesn't work. → delete_cookie function in HttpResponse should set 'expires' to a time string, not 0
Triage Stage:	Unreviewed → Ready for checkin

follow-up: 3 comment:2 by ljpsfree <caifen1985@…>, 17 years ago

I have figured out that my patch couldn't display when I click the link of the patch but yours can. I want to know how can I make a patch like yours.

in reply to: 2 comment:3 by Chris Beaven, 17 years ago

Replying to ljpsfree <caifen1985@gmail.com>:

I have figured out that my patch couldn't display when I click the link of the patch but yours can. I want to know how can I make a patch like yours.

From the contributing documentation page:
When creating patches, always run svn diff from the top-level trunk directory — i.e., the one that contains django, docs, tests, AUTHORS, etc. This makes it easy for other people to apply your patches.

comment:4 by Malcolm Tredinnick, 17 years ago

So, I'll note in passing that any browser who can't handle our current behaviour is broken,since the HTTP spec says that a value such as "0" (anything not a valid date) MUST be treated as in the past. Still, as Mark Nottingham has discovered, spec compliance in this area is poor, so we'll fix this.

comment:5 by Malcolm Tredinnick, 17 years ago

Resolution:	→ fixed
Status:	new → closed

(In [6549]) Fixed #5562 -- Changed settings of Expires heading when expiring a cookie to
work with non-compliant browsers (also removes a non-compliance feature of our
own). Thanks, caifen1985@… and SmileyChris.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues