[Django] #28965: Wrong format for cookie 'expires'
Django
--------------------------------------+------------------------
Reporter: Alexey | Owner: nobody
Type: Bug | Status: new
Component: Utilities | Version: 2.0
Severity: Normal | Keywords: cookie
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
--------------------------------------+------------------------
For some reason Django set expires for cookies with slashes in date.
Seems it was first introduced in
[https://github.com/django/django/commit/390666ac2bf8223bede4f78a97836051bc9f9526
390666ac2bf8223bede4f78a97836051bc9f9526] to fix #508
The proper format is UTC string (RFC-1123)
--
Ticket URL: <https://code.djangoproject.com/ticket/28965>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Alexey | Owner: nobody
Type: Bug | Status: new
Component: Utilities | Version: 2.0
Keywords: cookie | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Description changed by Alexey:
Old description:
> For some reason Django set expires for cookies with slashes in date.
>
> Seems it was first introduced in
> [https://github.com/django/django/commit/390666ac2bf8223bede4f78a97836051bc9f9526
> 390666ac2bf8223bede4f78a97836051bc9f9526] to fix #508
>
> The proper format is UTC string (RFC-1123)
New description:
For some reason Django set expires for cookies with hyphens in date (Tue,
25-Dec-2018 22:26:13 GMT).
Seems it was first introduced in
[https://github.com/django/django/commit/390666ac2bf8223bede4f78a97836051bc9f9526
390666ac2bf8223bede4f78a97836051bc9f9526] to fix #508
The proper format is UTC string (RFC-1123): Tue, 25 Dec 2018 21:15:29 GMT
--
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:1>
Django
Reporter: Alexey | Owner: nobody
Type: Bug | Status: new
Component: Utilities | Version: 2.0
Keywords: cookie | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Comment (by Tim Graham):
Are you seeing a problematic behavior or is this merely cosmetic?
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:2>
Django
Reporter: Alexey | Owner: nobody
Type: Bug | Status: new
Component: Utilities | Version: 2.0
Keywords: cookie | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Comment (by Sergey Fedoseev):
`expires` cookie is defined by
[https://tools.ietf.org/html/rfc6265#section-5.2.1 RFC 6265 (April 2011)].
It says that server [https://tools.ietf.org/html/rfc6265#section-4.1.1
SHOULD] format `expires` cookie value as
[https://tools.ietf.org/html/rfc2616#section-3.3.1 rfc1123-date, defined
in RFC2616] (without hyphens). User agent
[https://tools.ietf.org/html/rfc6265#section-5.1.1 MUST] parse that value
more permissively, for example allow hyphens as delimiters.
Currently Django uses format defined by pre-RFC
"[https://web.archive.org/web/20020803110822/http://wp.netscape.com/newsref/std/cookie_spec.html
Netscape cookie specification]" mentioned in the
[https://tools.ietf.org/html/rfc6265#section-1 introduction of RFC 6265].
Perhaps IE understands only that format
https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-
cookie-internals-faq/.
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:3>
Django
Reporter: Alexey | Owner: nobody
Type: Bug | Status: new
Component: Utilities | Version: 2.0
Keywords: cookie | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Sergey Fedoseev):
* cc: Sergey Fedoseev (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:4>
Django
--------------------------------------+------------------------------------
Reporter: Alexey | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Utilities | Version: 2.0
Severity: Normal | Resolution:
Keywords: cookie | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Tim Graham):
* type: Bug => Cleanup/optimization
* stage: Unreviewed => Accepted
Comment:
Hopefully nothing will break if we follow the newest RFC.
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:5>
Django
--------------------------------------+------------------------------------
Type: Cleanup/optimization | Status: new
Component: Utilities | Version: 2.0
Severity: Normal | Resolution:
Keywords: cookie | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Comment (by Alexey):
For me it just cosmetic change.
I think that there is no reason to support browser that is already
unsupported.
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:6>
Django
--------------------------------------+------------------------------------
Type: Cleanup/optimization | Status: assigned
Component: Utilities | Version: 2.0
Severity: Normal | Resolution:
Keywords: cookie | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Alexey):
* owner: nobody => Alexey
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:7>
Django
--------------------------------------+------------------------------------
Reporter: Alexey | Owner: Alexey
Type: Cleanup/optimization | Status: assigned
Severity: Normal | Resolution:
Keywords: cookie | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Alexey):
* has_patch: 0 => 1
Comment:
[https://github.com/django/django/pull/9499 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:8>
Django
--------------------------------------+------------------------------------
Reporter: Alexey | Owner: Alexey
Type: Cleanup/optimization | Status: assigned
Severity: Normal | Resolution:
Keywords: cookie | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
Changes (by Tim Graham):
* needs_better_patch: 0 => 1
Comment:
I left some comments for improvement on the PR.
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:9>
Django
--------------------------------------+------------------------------------
Reporter: Alexey | Owner: Alexey
Type: Cleanup/optimization | Status: assigned
Severity: Normal | Resolution:
Keywords: cookie | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Tim Graham):
* needs_better_patch: 1 => 0
Comment:
I updated the patch to switch usages of `cookie_date()` to `http_date()`
and added a commit to deprecate the now unused `cookie_date()` function.
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:10>
Django
--------------------------------------+------------------------------------
Reporter: Alexey | Owner: Alexey
Type: Cleanup/optimization | Status: assigned
Severity: Normal | Resolution:
Keywords: cookie | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Comment (by Alexey):
Thanks for a help, Tim!
Should i do anything else with PR?
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:11>
Django
--------------------------------------+------------------------------------
Reporter: Alexey | Owner: Alexey
Component: Utilities | Version: 2.0
Severity: Normal | Resolution: fixed
Keywords: cookie | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"0afffae4ecb660f2ecb94a756c2ab7729654ecf6" 0afffae4]:
{{{
#!CommitTicketReference repository=""
revision="0afffae4ecb660f2ecb94a756c2ab7729654ecf6"
Fixed #28965 -- Updated Set-Cookie's Expires date format to follow RFC
7231.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:12>
Django
--------------------------------------+------------------------------------
Reporter: Alexey | Owner: Alexey
Type: Cleanup/optimization | Status: closed
Severity: Normal | Resolution: fixed
Keywords: cookie | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"ab7f4c330629f24f006a35729ee0d758711312fa" ab7f4c33]:
{{{
#!CommitTicketReference repository=""
revision="ab7f4c330629f24f006a35729ee0d758711312fa"
Refs #28965 -- Deprecated unused django.utils.http.cookie_date().
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:13>
Django
--------------------------------------+------------------------------------
Reporter: Alexey | Owner: Alexey
Type: Cleanup/optimization | Status: closed
Severity: Normal | Resolution: fixed
Keywords: cookie | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"958a7b4ca69434d0145fd569cf007e21841bb36c" 958a7b4c]:
{{{
#!CommitTicketReference repository=""
revision="958a7b4ca69434d0145fd569cf007e21841bb36c"
Refs #28965 -- Removed utils.http.cookie_date() per deprecation timeline.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28965#comment:14>