On Wed, Oct 20, 2004 at 08:18:20PM +0800, Russell J. Wood wrote:
Hello Dilldoers =b
Ehrmm, Dillodoers I'd say... :-)
Would the said bug be because the Set-Cookie entity sent from advogato.org is not RFC compliant?
Here is what I received:
Set-Cookie: id=<data>; path=/; Expires=Thursday, 20-Oct-2005 11:57:18 GMT
I'm under the impression the Expires attribute is meant to be as:
Wdy, DD-MM-YYYY HH:MM:SS GMT
Therefore, because the Weekday isn't in an abbreviated form it is being discarded?
Most probably. The timestamp parsing routine in cookies.c accepts: RFC-1123 | RFC-850 | ANSI asctime. Reviewing the SPECS though, it's interesting to note that the date format is not defined with precision inside them, especially the weekday. RFC2109 states it as: Wdy, DD-MM-YYYY HH:MM:SS GMT but it doesn't say whether 'Wdy' is three chars long... Netscape's original SPEC: http://www.danbbs.dk/~erikoest/hello.htm (this page has a quote at the bottom) says: <q> The date string is formatted as: Wdy, DD-Mon-YYYY HH:MM:SS GMT This is based on RFC 822, RFC 850, RFC 1036, and RFC 1123, with the variations that the only legal time zone is GMT and the separators between the elements of the date must be dashes. </q> Nothing about 'Wdy' length. Finally RFC 822 goes into the depth of defining the day format, and it does so as three chars long: <q> day = "Mon" / "Tue" / "Wed" / "Thu" / "Fri" / "Sat" / "Sun" </q> A long weekday is understandable as an interpretation of the SPEC (where it isn't defined). Moreover, the above mentioned URL, uses a long weekday as an example: <q> expires=Wednesday, 09-Nov-99 23:12:40 GMT </q> As you see, I'm not sure whether this long day is a SPEC violation or not. I'm more inclined to think it is an acceptable interpretation. Shall you find more evidence, or feel confident enough to modify Cookies_create_timestamp(), it may be included in 0.8.3. Comments, anyone? -- Cheers Jorge.-