Skip to content
Browse files

Updating cookie format to be quoted to follow the RFC

Summary:
We were including the '=' sign in our cookie. This is not valid according to
the RFC unless the value is quoted. This breaking change adds those quotes to
our cookie value. This was reported on Github with relation to Apache Tomcat
which follows the RFC:
http://github.com/facebook/connect-js/issues/#issue/2/comment/77244

This is the first breaking change since the initial alpha release. I've created
a changelog.md file and linked it from the readme.

Reviewed By: lshepard

CC:platform-diffs@lists.facebook.com

Test Plan: Ran tests.

DiffCamp Revision: 75467
  • Loading branch information...
1 parent b1ee363 commit 363a4cdae92e968ae167fb0b98e086fadb995b0f @daaku daaku committed
Showing with 25 additions and 6 deletions.
  1. +13 −0 changelog.md
  2. +5 −0 readme.md
  3. +6 −5 src/core/cookie.js
  4. +1 −1 tests/js/cookie.js
View
13 changelog.md
@@ -0,0 +1,13 @@
+Cookie Format
+-------------
+
+*Date*: 20th November, 2009
+
+We were including the '=' sign in the cookie value which although works on many
+servers, is not actually valid accoring to [RFC2965][CookieRFC]. The correct
+way to include the '=' character is by having the cookie value be quoted.
+
+The result is that you will need to update your server side logic for parsing
+the Cookie to handle the quotes if needed.
+
+[CookieRFC]: http://www.faqs.org/rfcs/rfc2965.html
View
5 readme.md
@@ -81,6 +81,10 @@ you want to study the internals.
We have a list of [FAQs][FAQs] that detail some of the changes and provide
information about the new SDK.
+We are maintaining a [changelog][changelog] as we update the SDK. Since this is
+an Alpha SDK, we might need to break compatibility between releases if the need
+arises.
+
The repository also contains simple [examples][examples] showing the use of the
SDK with popular JavaScript libraries such as [Dojo][Dojo], [jQuery][jQuery],
[MooTools][MooTools], [Prototype][Prototype] and [YUI][YUI].
@@ -93,6 +97,7 @@ SDK with popular JavaScript libraries such as [Dojo][Dojo], [jQuery][jQuery],
[Prototype]: http://prototypejs.org/
[YUI]: http://developer.yahoo.com/yui/
[FAQs]: http://wiki.github.com/facebook/connect-js/faq
+[changelog]: http://github.com/facebook/connect-js/tree/master/changelog.md
[examples]: http://github.com/facebook/connect-js/tree/master/examples/
View
11 src/core/cookie.js
@@ -62,15 +62,16 @@ FB.copy('Cookie', {
*/
load: function() {
var
- cookie = document.cookie.match('\\b' +'fbs_' + FB._apiKey+ '=([^;]*)\\b'),
- session,
- expires;
+ // note, we have the opening quote (") for the value in the regex, but do
+ // not have a closing quote. this is because the \b already handles it.
+ cookie = document.cookie.match('\\bfbs_' + FB._apiKey + '="([^;]*)\\b'),
+ session;
if (cookie) {
// url encoded session stored as "sub-cookies"
session = FB.QS.decode(cookie[1]);
// decodes as a string, convert to a number
- expires = session.expires = parseInt(session.expires, 10);
+ session.expires = parseInt(session.expires, 10);
// capture base_domain for use when we need to clear
FB.Cookie._domain = session.base_domain;
}
@@ -88,7 +89,7 @@ FB.copy('Cookie', {
*/
setRaw: function(val, timestamp, domain) {
document.cookie =
- 'fbs_' + FB._apiKey + '=' + val +
+ 'fbs_' + FB._apiKey + '="' + val + '"' +
'; expires=' + new Date(timestamp * 1000).toGMTString() +
'; path=/' +
(domain ? '; domain=.' + domain : '');
View
2 tests/js/cookie.js
@@ -52,7 +52,7 @@ test(
FB._apiKey = cookieApiKey;
FB.Cookie.set({
- expires: (10000 + (+new Date())) / 1000,
+ expires: (1000000 + (+new Date())) / 1000,
base_domain: document.domain,
answer: 42
});

0 comments on commit 363a4cd

Please sign in to comment.
Something went wrong with that request. Please try again.