On Thu, Oct 21, 2004 at 01:26:29AM +0200, Jorgen Viksell wrote:
Hi,
I've been thinking a little bit about it, and have some input on the matter.
ons 2004-10-20 klockan 18:58 -0300 skrev Jorge Arellano Cid:
On Wed, Oct 20, 2004 at 08:18:20PM +0800, Russell J. Wood wrote:
Hello Dilldoers =b
Would the said bug be because the Set-Cookie entity sent from advogato.org is not RFC compliant?
Here is what I received:
Set-Cookie: id=<data>; path=/; Expires=Thursday, 20-Oct-2005 11:57:18 GMT
I'm under the impression the Expires attribute is meant to be as:
Wdy, DD-MM-YYYY HH:MM:SS GMT
Therefore, because the Weekday isn't in an abbreviated form it is being discarded?
Could be...
This is my second answer because I made some mistakes...
AFAIK, the most current RFC for cookies is RFC-2965, but it doesn't say a word about the Expires format.
The previous spec, RFC-2109 says:
It should be noted here that this is said in the "historical" section. And that "Expires" never has been part of an RFC (IIRC).
FWIW: RFC-2965 says HTTP1.1 must use "Expires" in some conditions, but it doesn't define its syntax. The format is referred to as "old-date" RFC-2109 says the same and mentions a definition of "Expires" in an historical section.
[snip]
So that's it. It seems there are four legacy but legal formats:
Wdy, DD-Mon-YY HH:MM:SS GMT Wdy, DD-Mon-YYYY HH:MM:SS GMT Weekday, DD-Mon-YY HH:MM:SS GMT Weekday, DD-Mon-YYYY HH:MM:SS GMT
with the second one being the most "correct".
I want to point out here that we don't use the weekday part in any way, so it can be discarded. And the year part is parsed with strtol() in a way that it doesn't matter if it's two or four chars long (there is a check right after it to account for both cases).
Not that tolerant, the code _was_ discarding some cookies. I made a patch that accepts the four formats, and added some comments. I'm testing the patch with the one for the CPU-hog Kelson discovered.
BTW, the site that Kelson pointed to as an example that uses cookies and locks dillo on a CPU hog, uses:
Wdy, DD-Mon-YY HH:MM:SS GMT
so it's currently ignored.
I'm working on it now, and found this interesting fact while testing http://mosquito.wordpress.org/view_all_bug_page.php.
Kelson: mosquito's site works on my computer now! :-) Just allow me a couple of hours to test it some more (the new redirection loop code) before commiting to CVS.
AFAIS, we'll have to accept the four date formats...
I agree. In a perfect world the "Max-Age" attribute would be used everywhere. However, "Expires" has become a de-facto standard (and a badly defined such) which needs alot of "special attention" but it's also a must to have working cookies.
As for the SPEC, "Max-Age" is optional... At least now my tree is parsing the whole set.
Does anyone know better?
Not really... :-)
Good! :-) Then my patch will be cheerfully welcomed.
Does anyone Wanna' try to find out? Comments out of simpathetic feelings to a maintainer having a hard time through the RFCs? :)
My advice: don't stare directly at it! ;-)
Not again! :-) -- Cheers Jorge.-