Opened 9 years ago

Closed 9 years ago

#25644 closed Bug (fixed)

Setting a cookie after deletion should not keep 1970 as expiry date

Reported by: Rollo Konig-Brock Owned by: Raphael Merx
Component: HTTP handling Version: 1.8
Severity: Normal Keywords: cookies http
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

If I delete a cookie, and then set it again, the cookie's expiration date will be Thu, 01-Jan-1970 00:00:00 GMT meaning that it is still slated for deletion.

A failing test I wrote to verify this.

https://github.com/rollokb/django/blob/bba4aa289771c8d6a190d41125a4cd6ac0bfe821/tests/requests/tests.py#L202-L209

Change History (8)

comment:1 by Rollo Konig-Brock, 9 years ago

Type: UncategorizedBug

comment:2 by Tim Graham, 9 years ago

Triage Stage: UnreviewedAccepted

This seems easy to fix

  • django/http/response.py

    --git a/django/http/response.py b/django/http/response.py
    index ed5c14e..cdc098f 100644
    a b class HttpResponseBase(six.Iterator):  
    216216
    217217    def delete_cookie(self, key, path='/', domain=None):
    218218        self.set_cookie(key, max_age=0, path=path, domain=domain,
    219                         expires='Thu, 01-Jan-1970 00:00:00 GMT')
     219                        expires='')
    220220
    221221    # Common methods used by subclasses
    222222
Version 1, edited 9 years ago by Mariusz Felisiak (previous) (next) (diff)

comment:3 by Mariusz Felisiak, 9 years ago

This seems easy to fix

  • django/http/response.py

    --git a/django/http/response.py b/django/http/response.py
    index ed5c14e..cdc098f 100644
    a b class HttpResponseBase(six.Iterator):  
    216216
    217217    def delete_cookie(self, key, path='/', domain=None):
    218218        self.set_cookie(key, max_age=0, path=path, domain=domain,
    219                         expires='Thu, 01-Jan-1970 00:00:00 GMT')
     219                        expires='')
    220220
    221221    # Common methods used by subclasses

comment:4 by Tim Graham, 9 years ago

Will that still result in the browser deleting the cookie?

in reply to:  4 comment:5 by Rollo Konig-Brock, 9 years ago

Replying to timgraham:

Will that still result in the browser deleting the cookie?

Tested, it doesn't.

comment:6 by Raphael Merx, 9 years ago

Owner: changed from nobody to Raphael Merx
Status: newassigned

comment:7 by Tim Graham, 9 years ago

Has patch: set

comment:8 by Tim Graham <timograham@…>, 9 years ago

Resolution: fixed
Status: assignedclosed

In 0a19f8d:

Fixed #25644 -- Fixed reset cookie expiry date bug.

Setting a cookie with the same name as a previously deleted cookie
would set its expiry date to 'Thu, 01-Jan-1970 00:00:00 GMT'.

Note: See TracTickets for help on using tickets.
Back to Top