Opened 9 years ago

Closed 9 years ago

#5562 closed (fixed)

delete_cookie function in HttpResponse should set 'expires' to a time string, not 0

Reported by: ljpsfree <caifen1985@…>
Owned by: nobody
Component: HTTP handling
Version: master
Severity:
Keywords:
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

  • In this function,
      self.cookies[key]['expires'] = 0

  • Here the expire time is set to a number, but it should be set to a time string. The browser can't set the expire time for this cookie, so it will not be removed. I just set the expires time to a GMT beginning time string, and it works correctly.
      self.cookies[key]['expires'] = "Thu 1-Jan-1970 00:00:00 GMT"
    

Attachments (2)

delete_cookie.patch (126 bytes) - added by ljpsfree <caifen1985@…> 9 years ago.
5562.patch (844 bytes) - added by Chris Beaven 9 years ago.


Change History (7)

Changed 9 years ago by ljpsfree <caifen1985@…>

Attachment: delete_cookie.patch added

Changed 9 years ago by Chris Beaven

Attachment: 5562.patch added

comment:1 Changed 9 years ago by Chris Beaven

Summary: "delete_cookie function in HttpResponse object doesn't work." → "delete_cookie function in HttpResponse should set 'expires' to a time string, not 0"
Triage Stage: Unreviewed → Ready for checkin

comment:2 Changed 9 years ago by ljpsfree <caifen1985@…>

  • I have figured out that my patch couldn't display when I click the link of the patch but yours can. I want to know how I can make a patch like yours.

comment:3 in reply to:  2 Changed 9 years ago by Chris Beaven

Replying to ljpsfree <caifen1985@gmail.com>:

  • I have figured out that my patch couldn't display when I click the link of the patch but yours can. I want to know how I can make a patch like yours.

From the contributing documentation page:
When creating patches, always run svn diff from the top-level trunk directory — i.e., the one that contains django, docs, tests, AUTHORS, etc. This makes it easy for other people to apply your patches.

comment:4 Changed 9 years ago by Malcolm Tredinnick

So, I'll note in passing that any browser who can't handle our current behaviour is broken, since the HTTP spec says that a value such as "0" (anything not a valid date) MUST be treated as in the past. Still, as Mark Nottingham has discovered, spec compliance in this area is poor, so we'll fix this.

comment:5 Changed 9 years ago by Malcolm Tredinnick

Resolution: fixed
Status: new → closed

(In [6549]) Fixed #5562 -- Changed settings of Expires heading when expiring a cookie to
work with non-compliant browsers (also removes a non-compliance feature of our
own). Thanks, caifen1985@… and SmileyChris.
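
The behaviour discussed in this ticket can be checked from the server side. The following is an added example, not code from Django or from this ticket: it flags Set-Cookie values that try to delete a cookie without a parseable past Expires date, which is the case where removal depends on how each client treats a non-date value. The function names and sample headers are constructed, and Python's email.utils date parser stands in for a browser's.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {lowercased attr: value})."""
    pair, *attrs = header_value.split(";")
    name, _, value = pair.strip().partition("=")
    parsed = {}
    for attr in attrs:
        key, _, val = attr.strip().partition("=")
        parsed[key.lower()] = val.strip()
    return name, value, parsed


def expires_status(attrs, now=None):
    """Return 'missing', 'not-a-date', 'past' or 'future' for the Expires attribute."""
    if "expires" not in attrs:
        return "missing"
    try:
        when = parsedate_to_datetime(attrs["expires"])
    except (TypeError, ValueError):  # exception type differs across Python versions
        return "not-a-date"
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return "past" if when < now else "future"


def fragile_deletions(header_values, now=None):
    """Names of cookies being deleted without a parseable past Expires date."""
    flagged = []
    for header_value in header_values:
        name, value, attrs = parse_set_cookie(header_value)
        # Assumption: an empty value or Max-Age=0 signals a deletion attempt.
        deleting = value == "" or attrs.get("max-age") == "0"
        if deleting and expires_status(attrs, now) != "past":
            flagged.append(name)
    return flagged


# Constructed sample headers, not captured from a real server.
SAMPLE = [
    "sessionid=; expires=0; Max-Age=0; Path=/",
    "sessionid=; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/",
    "csrftoken=abc123; expires=Fri, 01-Jan-2100 00:00:00 GMT; Path=/",
]
```

Running `fragile_deletions` over response headers recorded from a logout endpoint shows whether session cookies are being expired with a real date or with a value that only spec-compliant clients will honour.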
