You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/10/12 18:34:57 UTC
[tomcat] branch 8.5.x updated: Use a valid date format for the expires attribute of a cookie
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 9c78c2e66a Use a valid date format for the expires attribute of a cookie
9c78c2e66a is described below
commit 9c78c2e66a409653f22398506e03e92c2ee79f29
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Oct 12 19:28:03 2022 +0100
Use a valid date format for the expires attribute of a cookie
Note: The format used prior to this change is not listed as a valid
format in any of the relevant specifications.
---
java/org/apache/tomcat/util/http/CookieProcessorBase.java | 2 +-
.../apache/tomcat/util/http/TestCookieProcessorGeneration.java | 2 +-
webapps/docs/changelog.xml | 9 +++++++++
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/http/CookieProcessorBase.java b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
index f00fc95046..8c4dc1e449 100644
--- a/java/org/apache/tomcat/util/http/CookieProcessorBase.java
+++ b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
@@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletRequest;
public abstract class CookieProcessorBase implements CookieProcessor {
- private static final String COOKIE_DATE_PATTERN = "EEE, dd-MMM-yyyy HH:mm:ss z";
+ private static final String COOKIE_DATE_PATTERN = "EEE, dd MMM yyyy HH:mm:ss z";
protected static final ThreadLocal<DateFormat> COOKIE_DATE_FORMAT =
new ThreadLocal<DateFormat>() {
diff --git a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
index ef0ffc94ab..a58004c2f3 100644
--- a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
+++ b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
@@ -188,7 +188,7 @@ public class TestCookieProcessorGeneration {
@Test
public void v1TestMaxAgeZero() {
doV1TestMaxAge(0, "foo=bar; Version=1; Max-Age=0",
- "foo=bar; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT");
+ "foo=bar; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT");
}
@Test
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b80f38b47d..a30788b515 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 8.5.84 (schultz)" rtext="in development">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Correct the date format used with the expires attribute of HTTP cookies.
+ A single space rather than a single dash should be used to separate the
+ day, month and year components to be compliant with RFC 6265. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Other">
<changelog>
<update>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org