You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/03/24 04:34:20 UTC

[Bug 60908] Add expires parameters in Apache-issued cookies

https://bz.apache.org/bugzilla/show_bug.cgi?id=60908

manu@netbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #34872|0                           |1
           is patch|                            |

--- Comment #1 from manu@netbsd.org ---
Comment on attachment 34872
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34872
Add expires parameters in Apache-issued cookies

>Index: server/util_cookies.c
>===================================================================
>--- server/util_cookies.c	(revision 1788360)
>+++ server/util_cookies.c	(working copy)
>@@ -35,7 +35,8 @@
>  * @param val The value to place in the cookie.
>  * @param attrs The string containing additional cookie attributes. If NULL, the
>  *              DEFAULT_ATTRS will be used.
>- * @param maxage If non zero, a Max-Age header will be added to the cookie.
>+ * @param maxage If non zero, Max-Age and derived Expires header will be 
>+                 added to the cookie.
>  */
> AP_DECLARE(apr_status_t) ap_cookie_write(request_rec * r, const char *name, const char *val,
>                                          const char *attrs, long maxage, ...)
>@@ -49,7 +50,12 @@
>     /* handle expiry */
>     buffer = "";
>     if (maxage) {
>+        char expires[APR_RFC822_DATE_LEN];
>+
>         buffer = apr_pstrcat(r->pool, "Max-Age=", apr_ltoa(r->pool, maxage), ";", NULL);
>+
>+        if (apr_rfc822_date(expires, apr_time_now() + apr_time_from_sec(maxage)) == APR_SUCCESS)
>+            buffer = apr_pstrcat(r->pool, buffer, "Expires=", expires, ";", NULL);
>     }
> 
>     /* create RFC2109 compliant cookie */
>@@ -124,6 +130,7 @@
> 
>     /* create RFC2109 compliant cookie */
>     const char *rfc2109 = apr_pstrcat(r->pool, name, "=;Max-Age=0;",
>+                                "Expires=Thu, 01-Jan-1970 01:00:00 GMT;",
>                                 attrs ? attrs : CLEAR_ATTRS, NULL);
>     ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00009) LOG_PREFIX
>                   "user '%s' removed cookie: '%s'", r->user, rfc2109);

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org