You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/10/12 18:34:57 UTC

[tomcat] branch 8.5.x updated: Use a valid date format for the expires attribute of a cookie

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 9c78c2e66a Use a valid date format for the expires attribute of a cookie
9c78c2e66a is described below

commit 9c78c2e66a409653f22398506e03e92c2ee79f29
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Oct 12 19:28:03 2022 +0100

    Use a valid date format for the expires attribute of a cookie
    
    Note: The format used prior to this change is not listed as a valid
    format in any of the relevant specifications.
---
 java/org/apache/tomcat/util/http/CookieProcessorBase.java        | 2 +-
 .../apache/tomcat/util/http/TestCookieProcessorGeneration.java   | 2 +-
 webapps/docs/changelog.xml                                       | 9 +++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/http/CookieProcessorBase.java b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
index f00fc95046..8c4dc1e449 100644
--- a/java/org/apache/tomcat/util/http/CookieProcessorBase.java
+++ b/java/org/apache/tomcat/util/http/CookieProcessorBase.java
@@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletRequest;
 
 public abstract class CookieProcessorBase implements CookieProcessor {
 
-    private static final String COOKIE_DATE_PATTERN = "EEE, dd-MMM-yyyy HH:mm:ss z";
+    private static final String COOKIE_DATE_PATTERN = "EEE, dd MMM yyyy HH:mm:ss z";
 
     protected static final ThreadLocal<DateFormat> COOKIE_DATE_FORMAT =
         new ThreadLocal<DateFormat>() {
diff --git a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
index ef0ffc94ab..a58004c2f3 100644
--- a/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
+++ b/test/org/apache/tomcat/util/http/TestCookieProcessorGeneration.java
@@ -188,7 +188,7 @@ public class TestCookieProcessorGeneration {
     @Test
     public void v1TestMaxAgeZero() {
         doV1TestMaxAge(0, "foo=bar; Version=1; Max-Age=0",
-                "foo=bar; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT");
+                "foo=bar; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT");
     }
 
     @Test
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b80f38b47d..a30788b515 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 8.5.84 (schultz)" rtext="in development">
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        Correct the date format used with the expires attribute of HTTP cookies.
+        A single space rather than a single dash should be used to separate the
+        day, month and year components to be compliant with RFC 6265. (markt)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Other">
     <changelog>
       <update>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org