Opened 7 years ago

Closed 7 years ago

Last modified 6 years ago

#28965 closed Cleanup/optimization (fixed)

Update cookie date format to follow RFC2616

Reported by: Alexey
Owned by: Alexey
Component: Utilities
Version: 2.0
Severity: Normal
Keywords: cookie
Cc: Sergey Fedoseev
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description (last modified by Alexey)

For some reason Django sets expires for cookies with hyphens in the date (Tue, 25-Dec-2018 22:26:13 GMT).

It seems it was first introduced in 390666ac2bf8223bede4f78a97836051bc9f9526 to fix #508.

The proper format is UTC string (RFC-1123): Tue, 25 Dec 2018 21:15:29 GMT

Change History (14)

comment:1 by Alexey, 7 years ago

Description: modified (diff)

comment:2 by Tim Graham, 7 years ago

Are you seeing a problematic behavior or is this merely cosmetic?

comment:3 by Sergey Fedoseev, 7 years ago

The expires cookie is defined by RFC 6265 (April 2011). It says that the server SHOULD format the expires cookie value as rfc1123-date, defined in RFC2616 (without hyphens). The user agent MUST parse that value more permissively, for example allowing hyphens as delimiters.
Currently Django uses the format defined by the pre-RFC "Netscape cookie specification" mentioned in the introduction of RFC 6265. Perhaps IE understands only that format: https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/.
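The two Expires forms discussed in this ticket can be told apart mechanically when auditing responses. The following is an added example, not part of the ticket or of Django's code; the function names are hypothetical and the sample header values are constructed from the two dates quoted in the description.

```python
import re
from email.utils import formatdate

_DAY = r"(Mon|Tue|Wed|Thu|Fri|Sat|Sun)"
_MON = r"(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
_TIME = r"\d{2}:\d{2}:\d{2} GMT"

# rfc1123-date, the form RFC 6265 says servers SHOULD send:
#   Tue, 25 Dec 2018 21:15:29 GMT
RFC1123 = re.compile(rf"^{_DAY}, \d{{2}} {_MON} \d{{4}} {_TIME}$")
# Hyphenated form from the pre-RFC Netscape cookie specification:
#   Tue, 25-Dec-2018 22:26:13 GMT
NETSCAPE = re.compile(rf"^{_DAY}, \d{{2}}-{_MON}-\d{{2,4}} {_TIME}$")


def expires_value(set_cookie):
    """Return the Expires attribute of a Set-Cookie header value, or None."""
    # The first ';'-separated item is the name=value pair; the rest are attributes.
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "expires":  # attribute names are case-insensitive
            return value.strip()
    return None


def classify_expires(set_cookie):
    """Classify the Expires format: 'absent', 'rfc1123', 'netscape-hyphenated' or 'other'."""
    value = expires_value(set_cookie)
    if value is None:
        return "absent"
    if RFC1123.match(value):
        return "rfc1123"
    if NETSCAPE.match(value):
        return "netscape-hyphenated"
    return "other"


def rfc1123_date(epoch_seconds):
    """Format a Unix timestamp as an rfc1123-date in GMT using the standard library."""
    return formatdate(epoch_seconds, usegmt=True)


# Constructed sample headers (cookie name and value are made up).
OLD_HEADER = "sessionid=abc123; expires=Tue, 25-Dec-2018 22:26:13 GMT; Path=/"
NEW_HEADER = "sessionid=abc123; expires=Tue, 25 Dec 2018 21:15:29 GMT; Path=/"
```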

comment:4 by Sergey Fedoseev, 7 years ago

Cc: Sergey Fedoseev added

comment:5 by Tim Graham, 7 years ago

Summary: Wrong format for cookie 'expires' → Update cookie date format to follow RFC2616
Triage Stage: Unreviewed → Accepted
Type: Bug → Cleanup/optimization

Hopefully nothing will break if we follow the newest RFC.

comment:6 by Alexey, 7 years ago

For me it's just a cosmetic change.

I think that there is no reason to support a browser that is already unsupported.

comment:7 by Alexey, 7 years ago

Owner: changed from nobody to Alexey
Status: new → assigned

comment:8 by Alexey, 7 years ago

Has patch: set

comment:9 by Tim Graham, 7 years ago

Patch needs improvement: set

I left some comments for improvement on the PR.

comment:10 by Tim Graham, 7 years ago

Patch needs improvement: unset

I updated the patch to switch usages of cookie_date() to http_date() and added a commit to deprecate the now unused cookie_date() function.

comment:11 by Alexey, 7 years ago

Thanks for the help, Tim!

Should I do anything else with the PR?

comment:12 by Tim Graham <timograham@…>, 7 years ago

Resolution: fixed
Status: assigned → closed

In 0afffae4:

Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC 7231.

comment:13 by Tim Graham <timograham@…>, 7 years ago

In ab7f4c33:

Refs #28965 -- Deprecated unused django.utils.http.cookie_date().

comment:14 by Tim Graham <timograham@…>, 6 years ago

In 958a7b4c:

Refs #28965 -- Removed utils.http.cookie_date() per deprecation timeline.
