Opened 8 years ago

Closed 8 years ago

#5562 closed (fixed)

delete_cookie function in HttpResponse should set 'expires' to a time string, not 0

Reported by: ljpsfree <caifen1985@…> Owned by: nobody
Component: HTTP handling Version: master
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

  • In this function,
      self.cookies[key]['expires'] = 0
    
  • Here the expire time is set to a number, but it should be set to a time string. The browser can't set the expire time for this cookie, so it will not be removed. I just set the expires time to a GMT beginning time string, and it works correctly.
     self.cookies[key]['expires'] = "Thu 1-Jan-1970 00:00:00 GMT"
    

Attachments (2)

delete_cookie.patch (126 bytes) - added by ljpsfree <caifen1985@…> 8 years ago.
5562.patch (844 bytes) - added by SmileyChris 8 years ago.


Change History (7)

Changed 8 years ago by ljpsfree <caifen1985@…>

Changed 8 years ago by SmileyChris

comment:1 Changed 8 years ago by SmileyChris

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Summary changed from delete_cookie function in HttpResponse object doesn't work. to delete_cookie function in HttpResponse should set 'expires' to a time string, not 0
  • Triage Stage changed from Unreviewed to Ready for checkin

comment:2 follow-up: Changed 8 years ago by ljpsfree <caifen1985@…>

  • I have figured out that my patch couldn't display when I click the link of the patch but yours can. I want to know how I can make a patch like yours.

comment:3 in reply to: ↑ 2 Changed 8 years ago by SmileyChris

Replying to ljpsfree <caifen1985@gmail.com>:

  • I have figured out that my patch couldn't display when I click the link of the patch but yours can. I want to know how I can make a patch like yours.

From the contributing documentation page:
When creating patches, always run svn diff from the top-level trunk directory — i.e., the one that contains django, docs, tests, AUTHORS, etc. This makes it easy for other people to apply your patches.

comment:4 Changed 8 years ago by mtredinnick

So, I'll note in passing that any browser that can't handle our current behaviour is broken, since the HTTP spec says that a value such as "0" (anything not a valid date) MUST be treated as in the past. Still, as Mark Nottingham has discovered, spec compliance in this area is poor, so we'll fix this.

comment:5 Changed 8 years ago by mtredinnick

  • Resolution set to fixed
  • Status changed from new to closed

(In [6549]) Fixed #5562 -- Changed settings of Expires heading when expiring a cookie to
work with non-compliant browsers (also removes a non-compliance feature of our
own). Thanks, caifen1985@… and SmileyChris.
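
An added example (not code from this ticket or from Django): a standard-library check that classifies the Expires attribute of a Set-Cookie value, so deletions that rely on a non-date value such as 0 can be found before a logout leaves a cookie behind in a non-compliant browser. The function names and the sample headers are constructed for illustration.

```python
import time
from email.utils import mktime_tz, parsedate_tz


def expires_attr(set_cookie):
    """Return the raw Expires attribute of a Set-Cookie value, or None."""
    for part in set_cookie.split(";")[1:]:
        name, _, value = part.strip().partition("=")
        if name.lower() == "expires":
            return value.strip()
    return None


def classify_deletion(set_cookie, now=None):
    """Classify how a client is likely to treat the cookie's expiry."""
    now = time.time() if now is None else now
    raw = expires_attr(set_cookie)
    if raw is None:
        return "no-expires"   # session cookie: nothing asks for removal
    parsed = parsedate_tz(raw)
    if parsed is None:
        return "not-a-date"   # e.g. expires=0, the case in this ticket
    return "past-date" if mktime_tz(parsed) <= now else "future-date"


def unreliable_deletions(headers, now=None):
    """Return headers that blank a cookie without a parseable past date."""
    flagged = []
    for header in headers:
        value = header.split(";")[0].partition("=")[2].strip()
        if value == "" and classify_deletion(header, now) != "past-date":
            flagged.append(header)
    return flagged


# Constructed sample Set-Cookie values (not captured traffic).
SAMPLES = [
    "sessionid=; expires=0; Path=/",
    "sessionid=; expires=Thu 1-Jan-1970 00:00:00 GMT; Path=/",
    "sessionid=abc; expires=Tue, 01-Jan-2030 00:00:00 GMT; Path=/",
    "sessionid=abc; Path=/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_deletion(sample), "|", sample)
```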
