You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/10/12 18:34:24 UTC
[tomcat] branch 9.0.x updated: Use a valid date format for the expires attribute of a cookie
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new d641a43b8a Use a valid date format for the expires attribute of a cookie
d641a43b8a is described below
commit d641a43b8a1a0a09862e101c304d2874b0771c6e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Oct 12 19:28:03 2022 +0100
Use a valid date format for the expires attribute of a cookie
Note: The format used prior to this change is not listed as a valid
format in any of the relevant specifications.
---
java/org/apache/tomcat/util/http/CookieProcessorBase.java | 2 +-
.../apache/tomcat/util/http/TestCookieProcessorGeneration.java | 2 +-
webapps/docs/changelog.xml | 9 +++++++++
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/CookieProcessorBase.java b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
index 47fbe58f69..5c3b08bfd9 100644
--- a/java/org/apache/tomcat/util/http/CookieProcessorBase.java
+++ b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
@@ -24,7 +24,7 @@ import java.util.TimeZone;
public abstract class CookieProcessorBase implements CookieProcessor {
- private static final String COOKIE_DATE_PATTERN = "EEE, dd-MMM-yyyy HH:mm:ss z";
+ private static final String COOKIE_DATE_PATTERN = "EEE, dd MMM yyyy HH:mm:ss z";
protected static final ThreadLocal<DateFormat> COOKIE_DATE_FORMAT =
ThreadLocal.withInitial(() -> {
diff --git a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
index ef0ffc94ab..a58004c2f3 100644
--- a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
+++ b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
@@ -188,7 +188,7 @@ public class TestCookieProcessorGeneration {
@Test
public void v1TestMaxAgeZero() {
doV1TestMaxAge(0, "foo=bar; Version=1; Max-Age=0",
- "foo=bar; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT");
+ "foo=bar; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT");
}
@Test
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 230a790e20..fc319f9831 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 9.0.68 (remm)" rtext="in development">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Correct the date format used with the expires attribute of HTTP cookies.
+ A single space rather than a single dash should be used to separate the
+ day, month and year components to be compliant with RFC 6265. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<update>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org