Hi, I've been thinking a little bit about it, and have some input on the matter. ons 2004-10-20 klockan 18:58 -0300 skrev Jorge Arellano Cid:
On Wed, Oct 20, 2004 at 08:18:20PM +0800, Russell J. Wood wrote:
Hello Dilldoers =b
Would the said bug be because the Set-Cookie entity sent from advogato.org is not RFC compliant?
Here is what I received:
Set-Cookie: id=<data>; path=/; Expires=Thursday, 20-Oct-2005 11:57:18 GMT
I'm under the impression the Expires attribute is meant to be as:
Wdy, DD-MM-YYYY HH:MM:SS GMT
Therefore, because the Weekday isn't in an abbreviated form it is being discarded?
Could be...
This is my second answer because I made some mistakes...
AFAIK, the most current RFC for cookies is RFC-2965, but it doesn't say a word about the Expires format.
The previous spec, RFC-2109 says:
It should be noted here that this is said in the "historical" section. And that "Expires" never has been part of an RFC (IIRC).
<q> Netscape's original proposal defined an Expires header that took a date value in a fixed-length variant format in place of Max-Age:
Wdy, DD-Mon-YY HH:MM:SS GMT </q>
Note that YY is using two chars here, and that not a word is said about 'Wdy'.
[snip]
So that's it. It seems there are four legacy but legal formats:
Wdy, DD-Mon-YY HH:MM:SS GMT Wdy, DD-Mon-YYYY HH:MM:SS GMT Weekday, DD-Mon-YY HH:MM:SS GMT Weekday, DD-Mon-YYYY HH:MM:SS GMT
with the second one being the most "correct".
I want to point out here that we don't use the weekday part in any way, so it can be discarded. And the year part is parsed with strtol() in a way that it doesn't matter if it's two or four chars long (there is a check right after it to account for both cases).
BTW, the site that Kelson pointed to as an example that uses cookies and locks dillo on a CPU hog, uses:
Wdy, DD-Mon-YY HH:MM:SS GMT
so it's currently ignored.
I'm working on it now, and found this interesting fact while testing http://mosquito.wordpress.org/view_all_bug_page.php.
AFAIS, we'll have to accept the four date formats...
I agree. In a perfect world the "Max-Age" attribute would be used everywhere. However, "Expires" has become a de-facto standard (and a badly defined such) which needs alot of "special attention" but it's also a must to have working cookies.
Does anyone know better?
Not really... :-)
Does anyone Wanna' try to find out? Comments out of simpathetic feelings to a maintainer having a hard time through the RFCs? :)
My advice: don't stare directly at it! ;-) Regards, Jörgen