Opened 17 years ago

Closed 17 years ago

#5562 closed (fixed)

delete_cookie function in HttpResponse should set 'expires' to a time string, not 0

Reported by: ljpsfree <caifen1985@…> Owned by: nobody
Component: HTTP handling Version: dev
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

  • In this function,
      self.cookies[key]['expires'] = 0
    
  • Here the expire time set to a number, but it should set to a time string. The browser can't set the expire time for this cookie, so it will not be removed.I just set the expires time to a GMT beginning time string, and it works correct.
     self.cookies[key]['expires'] = "Thu 1-Jan-1970 00:00:00 GMT"
    

Attachments (2)

delete_cookie.patch (126 bytes ) - added by ljpsfree <caifen1985@…> 17 years ago.
5562.patch (844 bytes ) - added by Chris Beaven 17 years ago.

Download all attachments as: .zip

Change History (7)

by ljpsfree <caifen1985@…>, 17 years ago

Attachment: delete_cookie.patch added

by Chris Beaven, 17 years ago

Attachment: 5562.patch added

comment:1 by Chris Beaven, 17 years ago

Summary: delete_cookie function in HttpResponse object doesn't work.delete_cookie function in HttpResponse should set 'expires' to a time string, not 0
Triage Stage: UnreviewedReady for checkin

comment:2 by ljpsfree <caifen1985@…>, 17 years ago

  • I have figured out that my patch couldn't display when I click the link of the patch but yours can. I want to know how can I make a patch like yours.

in reply to:  2 comment:3 by Chris Beaven, 17 years ago

Replying to ljpsfree <caifen1985@gmail.com>:

  • I have figured out that my patch couldn't display when I click the link of the patch but yours can. I want to know how can I make a patch like yours.

From the contributing documentation page:
When creating patches, always run svn diff from the top-level trunk directory — i.e., the one that contains django, docs, tests, AUTHORS, etc. This makes it easy for other people to apply your patches.

comment:4 by Malcolm Tredinnick, 17 years ago

So, I'll note in passing that any browser who can't handle our current behaviour is broken,since the HTTP spec says that a value such as "0" (anything not a valid date) MUST be treated as in the past. Still, as Mark Nottingham has discovered, spec compliance in this area is poor, so we'll fix this.

comment:5 by Malcolm Tredinnick, 17 years ago

Resolution: fixed
Status: newclosed

(In [6549]) Fixed #5562 -- Changed settings of Expires heading when expiring a cookie to
work with non-compliant browsers (also removes a non-compliance feature of our
own). Thanks, caifen1985@… and SmileyChris.

Note: See TracTickets for help on using tickets.
Back to Top