[Django] #25644: Setting a cookie after deletion should not keep 1970 as expiry date

4 views
Skip to first unread message

Django

unread,
Oct 30, 2015, 2:16:27 PM10/30/15
to django-...@googlegroups.com
#25644: Setting a cookie after deletion should not keep 1970 as expiry date
-------------------------------+--------------------------
Reporter: rollokb | Owner: nobody
Type: Uncategorized | Status: new
Component: HTTP handling | Version: 1.8
Severity: Normal | Keywords: cookies http
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------+--------------------------
If I delete a cookie, and then set it again, the cookie's expiration date
will be `Thu, 01-Jan-1970 00:00:00 GMT` meaning that it is still slated
for deletion.

A failing test I wrote to verify this.

https://github.com/rollokb/django/blob/bba4aa289771c8d6a190d41125a4cd6ac0bfe821/tests/requests/tests.py#L202-L209

--
Ticket URL: <https://code.djangoproject.com/ticket/25644>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Oct 30, 2015, 2:32:32 PM10/30/15
to django-...@googlegroups.com
#25644: Setting a cookie after deletion should not keep 1970 as expiry date
-------------------------------+--------------------------------------
Reporter: rollokb | Owner: nobody
Type: Bug | Status: new

Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:

Keywords: cookies http | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by rollokb):

* needs_better_patch: => 0
* type: Uncategorized => Bug
* needs_tests: => 0
* needs_docs: => 0


--
Ticket URL: <https://code.djangoproject.com/ticket/25644#comment:1>

Django

unread,
Oct 30, 2015, 2:47:38 PM10/30/15
to django-...@googlegroups.com
#25644: Setting a cookie after deletion should not keep 1970 as expiry date
-------------------------------+------------------------------------
Reporter: rollokb | Owner: nobody
Type: Bug | Status: new

Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: cookies http | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------
Changes (by timgraham):

* stage: Unreviewed => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/25644#comment:2>

Django

unread,
Oct 30, 2015, 3:33:45 PM10/30/15
to django-...@googlegroups.com
#25644: Setting a cookie after deletion should not keep 1970 as expiry date
-------------------------------+------------------------------------
Reporter: rollokb | Owner: nobody
Type: Bug | Status: new

Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: cookies http | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------

Comment (by felixxm):

This seems easy to fix
{{{#!diff
--git a/django/http/response.py b/django/http/response.py
index ed5c14e..cdc098f 100644
--- a/django/http/response.py
+++ b/django/http/response.py
@@ -216,7 +216,7 @@ class HttpResponseBase(six.Iterator):

def delete_cookie(self, key, path='/', domain=None):
self.set_cookie(key, max_age=0, path=path, domain=domain,
- expires='Thu, 01-Jan-1970 00:00:00 GMT')
+ expires='')

# Common methods used by subclasses
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/25644#comment:3>

Django

unread,
Oct 30, 2015, 3:51:12 PM10/30/15
to django-...@googlegroups.com
#25644: Setting a cookie after deletion should not keep 1970 as expiry date
-------------------------------+------------------------------------
Reporter: rollokb | Owner: nobody
Type: Bug | Status: new

Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: cookies http | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------

Comment (by timgraham):

Will that still result in the browser deleting the cookie?

--
Ticket URL: <https://code.djangoproject.com/ticket/25644#comment:4>

Django

unread,
Oct 30, 2015, 4:01:02 PM10/30/15
to django-...@googlegroups.com
#25644: Setting a cookie after deletion should not keep 1970 as expiry date
-------------------------------+------------------------------------
Reporter: rollokb | Owner: nobody
Type: Bug | Status: new

Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: cookies http | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------+------------------------------------

Comment (by rollokb):

Replying to [comment:4 timgraham]:


> Will that still result in the browser deleting the cookie?

Tested, it doesn't.

--
Ticket URL: <https://code.djangoproject.com/ticket/25644#comment:5>

Django

unread,
Oct 30, 2015, 6:24:32 PM10/30/15
to django-...@googlegroups.com
#25644: Setting a cookie after deletion should not keep 1970 as expiry date
-------------------------------+---------------------------------------
Reporter: rollokb | Owner: raphaelmerx
Type: Bug | Status: assigned

Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: cookies http | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------+---------------------------------------
Changes (by raphaelmerx):

* owner: nobody => raphaelmerx
* status: new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/25644#comment:6>

Django

unread,
Oct 31, 2015, 9:52:32 AM10/31/15
to django-...@googlegroups.com
#25644: Setting a cookie after deletion should not keep 1970 as expiry date
-------------------------------+---------------------------------------
Reporter: rollokb | Owner: raphaelmerx
Type: Bug | Status: assigned
Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution:
Keywords: cookies http | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------+---------------------------------------
Changes (by timgraham):

* has_patch: 0 => 1


Comment:

[https://github.com/django/django/pull/5523 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/25644#comment:7>

Django

unread,
Nov 18, 2015, 7:54:30 AM11/18/15
to django-...@googlegroups.com
#25644: Setting a cookie after deletion should not keep 1970 as expiry date
-------------------------------+---------------------------------------
Reporter: rollokb | Owner: raphaelmerx
Type: Bug | Status: closed

Component: HTTP handling | Version: 1.8
Severity: Normal | Resolution: fixed

Keywords: cookies http | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 1 | UI/UX: 0
-------------------------------+---------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"0a19f8d4fc864de481eac1b76c799ffd6ced4e91" 0a19f8d]:
{{{
#!CommitTicketReference repository=""
revision="0a19f8d4fc864de481eac1b76c799ffd6ced4e91"
Fixed #25644 -- Fixed reset cookie expiry date bug.

Setting a cookie with the same name as a previously deleted cookie
would set its expiry date to 'Thu, 01-Jan-1970 00:00:00 GMT'.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/25644#comment:8>

Reply all
Reply to author
Forward
0 new messages