You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
sample=val; Expires=Sat, 01 Jan 2000 10:04:02 GMT
sample=val; Expires=Sat, 01 Jan 1700 10:04:02 GMT
What did you see instead?
sample=val; Expires=Sat, 01 Jan 2000 10:04:02 GMT
sample=val
According to IETF RFC6265 section 5.2.1, the Expires attribute should be parsed as a cookie-date, as specified in section 5.1.1. The lower bound for the year field, as listed in section 5.1.1, should be 1601 inclusive ("Abort these steps and fail to parse the cookie-date if... the year-value is less than 1601"). However, go seems to use epoch as a lower bound, as can be found here: https://github.com/golang/go/blob/master/src/net/http/cookie.go#L171
The text was updated successfully, but these errors were encountered:
rakyll
changed the title
Expires cookie does not follow IETF RFC6265 specification for boundaries
net/http: expires cookie does not follow IETF RFC6265 specification for boundaries
Oct 27, 2016
What version of Go are you using (
go version
)?1.7.1
What operating system and processor architecture are you using (
go env
)?GOHOSTOS="darwin"
GOOS="darwin"
GOARCH="amd64"
What did you do?
https://play.golang.org/p/G_tVNv_Is7
What did you expect to see?
sample=val; Expires=Sat, 01 Jan 2000 10:04:02 GMT
sample=val; Expires=Sat, 01 Jan 1700 10:04:02 GMT
What did you see instead?
sample=val; Expires=Sat, 01 Jan 2000 10:04:02 GMT
sample=val
According to IETF RFC6265 section 5.2.1, the Expires attribute should be parsed as a cookie-date, as specified in section 5.1.1. The lower bound for the year field, as listed in section 5.1.1, should be 1601 inclusive ("Abort these steps and fail to parse the cookie-date if... the year-value is less than 1601"). However, go seems to use epoch as a lower bound, as can be found here: https://github.com/golang/go/blob/master/src/net/http/cookie.go#L171
The text was updated successfully, but these errors were encountered: