You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Radu Coravu (JIRA)" <ji...@apache.org> on 2016/05/27 13:17:12 UTC
[jira] [Commented] (HTTPCLIENT-923) NetscapeDraftSpec is too strict
about cookie expires date format
[ https://issues.apache.org/jira/browse/HTTPCLIENT-923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15304050#comment-15304050 ]
Radu Coravu commented on HTTPCLIENT-923:
----------------------------------------
Using Apache HTTP Client 4.5.1 and any connection to a wiki page like:
https://ro.wikipedia.org/wiki/Pagina_principal%C4%83
reports this warning in the console:
{code}org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie header: "Set-Cookie: WMF-Last-Access=27-May-2016;Path=/;HttpOnly;secure;Expires=Tue, 28 Jun 2016 12:00:00 GMT". Invalid 'expires' attribute: Tue, 28 Jun 2016 12:00:00 GMT {code}
Does the code manage to recover and find the expiry date, should I just ignore the warning?
> NetscapeDraftSpec is too strict about cookie expires date format
> ----------------------------------------------------------------
>
> Key: HTTPCLIENT-923
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-923
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.0.1
> Reporter: Jörgen Rydenius
> Priority: Minor
> Labels: cookie, expires, jetty
> Fix For: 4.1 Alpha2
>
>
> The Netscape Draft specification (http://curl.haxx.se/rfc/cookie_spec.html) specifies clearly that the date format for Set-Cookie expires is "Wdy, DD-Mon-YYYY HH:MM:SS GMT". But on the other hand, in the examples section of the same document, the only example header that contains "Expires" is the following:
> Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT
> Note that the weekday is fully spelled out and that the year is written as two digits only. I would say that the specification therefore makes the 2 or 4 digit year optional. I think NetscapeDraftSpec should reflect this. An example of a product that uses the 2 digit version is jetty 6 and 7. When using httpclient 4 talking to a jetty server, any Set-Cookie headers for persistent cookies will be interpreted as a 4 digit year in the date and the cookie will immediately be disregarded as expired by some 2,000 years or so. Httpclient 3 on the other hand had no problem understanding the persistent cookies from jetty. I filed a bug report https://bugs.eclipse.org/bugs/show_bug.cgi?id=304698 on jetty to change their date format, but on the other hand I also think httpclient 4 is too strict about the date format when even the original specification uses two alternatives.
> Workaround is easy by setting CookieSpecPNames.DATE_PATTERNS, but I really think that projects like jetty and httpclient should be compatible by default. Also, since the date format used by jetty is parsable but misinterpreted and disregarded by httpclient makes it especially hard to detect the first time on encounters the problem.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org