Getting expires in a cookie set correctly


tthatch90

Dec 10, 2014, 9:05:38 PM
to golan...@googlegroups.com
Greetings,

I'm trying to set a response cookie in my program which works, but no matter what I try, I can't get the expires string to

1. Conform to the required format i.e. DAY, DD-MMM-YYYY HH:MM:SS GMT
2. Print in anything other than UTC

I've been stuck on this for hours, hoping someone can help. It's got to be something completely simple :/

Below is a snippet that illustrates the problem, output from running this is:

Thu, 18-Dec-2014 01:58:28 GMT
foo=bar; Path=/; Domain=example.com; Expires=Thu, 18 Dec 2014 01:58:28 UTC

So top string is what I want, string shown after Expires= is what I end up with :/

I'm using Go 1.2.2 on x64. Thanks in advance for any help!


/* begin code */
package main

import (
    "fmt"
    "net/http"
    "os"
    "time"
)

func main() {
    // Time format for cookie expires string
    const layout = "Mon, 02-Jan-2006 15:04:05 GMT"

    loc, err := time.LoadLocation("GMT")
    if err != nil {
        os.Exit(1)
    }

    expires := time.Now().In(loc)
    expires = expires.AddDate(0, 0, 7)

    // Date, format and time zone (gmt) print correctly
    fmt.Println(expires.In(loc).Format(layout))

    cookie := new(http.Cookie)
    cookie.Name = "foo"
    cookie.Value = "bar"
    cookie.Path = "/"
    cookie.Domain = "example.com"
    cookie.Expires = expires.In(loc)
    cookie.RawExpires = expires.In(loc).Format(layout)

    // Date correct, format and time zone (utc) incorrect
    fmt.Println(cookie.String())
}

Volker Dobler

Dec 11, 2014, 1:55:45 AM
to golan...@googlegroups.com
First: Try to use Max-Age instead of Expires: This is more reliable as it does not
depend on server and client being properly synchronized.

Second: The Expires attribute of a valid Set-Cookie header (and that is what
the String method produces) is defined to be in UTC (GMT is defined as
equal to UTC by RFC 2616), you do _not_ have a choice here.

V.

Volker Dobler

Dec 11, 2014, 4:23:04 AM
to golan...@googlegroups.com
Two more:

Third: The Expires attribute of a valid Set-Cookie header is fixed by RFC 6265
to be the format defined in RFC 1123 which lacks the dashes.  If you want to
produce a _valid_ Set-Cookie header you should use the (correct) String method
and there is no need to fiddle with timezones and/or formats.

Fourth: If you have to deal with a buggy client which requires malformed
Set-Cookie headers you'll have to build the HTTP header yourself, e.g. by
fmt.Sprintf and not with Cookie's String method.

V.


tthatch90

Dec 11, 2014, 9:51:40 AM
to golan...@googlegroups.com
Thanks for the response. I am aware of most of the items you mention. What caused me to notice it wasn't being set as intended was that it was being treated as a session cookie by some clients and we were getting complaints.

I'll look into the options for manually setting the header as I need it.

As an aside, not sure I like Go's approach of silently "fixing" it for me, I'd rather it give an error/warning if I don't pass what it wants to use, but anyway.

cheers

Volker Dobler

Dec 11, 2014, 9:58:16 AM
to golan...@googlegroups.com

On Thursday, December 11, 2014 at 15:51:40 UTC+1, tthatch90 wrote:
> Thanks for the response. I am aware of most of the items you mention. What caused me to notice it wasn't being set as intended was that it was being treated as a session cookie by some clients and we were getting complaints.
>
> I'll look into the options for manually setting the header as I need it.

Can you disclose which client requires non-compliant Expires attributes?
As far as I can tell any browser still in use works properly with Max-Age
and RFC 1123 formatted Expires attributes.

> As an aside, not sure I like Go's approach of silently "fixing" it for me, I'd rather it give an error/warning if I don't pass what it wants to use, but anyway.

IMHO this is not "fixing" but sticking to the spec. Cookie headers are pretty
well defined and there is no real reason to bother users with details of
something which has one (and only one) proper way of doing.

V. 
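
The advice in this thread (set Max-Age, and let the String method emit Expires as an RFC 1123 date in GMT) shown as an added example that is not code from any poster. It assumes a current Go release; the helper names and the fixed clock value are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"time"
)

// dashedLayout is the layout from the question (dashes inside the date).
const dashedLayout = "Mon, 02-Jan-2006 15:04:05 GMT"

// buildSetCookie (hypothetical helper) serializes a cookie that expires ttl
// after now, setting both Max-Age and Expires. RawExpires carries the dashed
// form to show that String() does not use it when writing the header.
func buildSetCookie(now time.Time, ttl time.Duration) string {
	exp := now.Add(ttl)
	c := &http.Cookie{
		Name: "foo", Value: "bar", Path: "/", Domain: "example.com",
		Expires:    exp, // any zone is fine; it is serialized as GMT
		MaxAge:     int(ttl / time.Second),
		RawExpires: exp.UTC().Format(dashedLayout),
	}
	return c.String()
}

// parseSetCookie re-reads the header value the way a Go HTTP client would.
func parseSetCookie(v string) *http.Cookie {
	resp := &http.Response{Header: http.Header{"Set-Cookie": {v}}}
	if cs := resp.Cookies(); len(cs) == 1 {
		return cs[0]
	}
	return nil
}

// isRFC1123GMT reports whether raw is exactly the date form http.TimeFormat produces.
func isRFC1123GMT(raw string) bool {
	_, err := time.Parse(http.TimeFormat, raw)
	return err == nil
}

func main() {
	// Constructed input: a server clock running in a UTC+1 zone.
	now := time.Date(2014, 12, 11, 2, 58, 28, 0, time.FixedZone("CET", 3600))
	h := buildSetCookie(now, 7*24*time.Hour)
	fmt.Println(h)
	c := parseSetCookie(h)
	fmt.Println(c.RawExpires, c.MaxAge, isRFC1123GMT(c.RawExpires))
	fmt.Println(isRFC1123GMT("Thu, 18-Dec-2014 01:58:28 GMT")) // dashed form from the question
}
```

A check like isRFC1123GMT can run in a test over every Set-Cookie header a service emits, so a hand-built header with a nonstandard date is caught before a client silently downgrades it to a session cookie.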