Updating cookie format to be quoted to follow the RFC

Summary: We were including the '=' sign in our cookie. This is not valid according to the RFC unless the value is quoted. This breaking change adds those quotes to our cookie value. This was reported on Github with relation to Apache Tomcat which follows the RFC: http://github.com/facebook/connect-js/issues/#issue/2/comment/77244 This is the first breaking change since the initial alpha release. I've created a changelog.md file and linked it from the readme. Reviewed By: lshepard CC:platform-diffs@lists.facebook.com Test Plan: Ran tests. DiffCamp Revision: 75467
ddohnggo · Nov 20, 2009 · 363a4cd · 363a4cd
1 parent b1ee363
commit 363a4cd
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 6 deletions.
diff --git a/changelog.md b/changelog.md
@@ -0,0 +1,13 @@
+Cookie Format
+-------------
+
+*Date*: 20th November, 2009
+
+We were including the '=' sign in the cookie value which although works on many
+servers, is not actually valid accoring to [RFC2965][CookieRFC]. The correct
+way to include the '=' character is by having the cookie value be quoted.
+
+The result is that you will need to update your server side logic for parsing
+the Cookie to handle the quotes if needed.
+
+[CookieRFC]: http://www.faqs.org/rfcs/rfc2965.html
diff --git a/readme.md b/readme.md
@@ -81,6 +81,10 @@ you want to study the internals.
 We have a list of [FAQs][FAQs] that detail some of the changes and provide
 information about the new SDK.
 
+We are maintaining a [changelog][changelog] as we update the SDK. Since this is
+an Alpha SDK, we might need to break compatibility between releases if the need
+arises.
+
 The repository also contains simple [examples][examples] showing the use of the
 SDK with popular JavaScript libraries such as [Dojo][Dojo], [jQuery][jQuery],
 [MooTools][MooTools], [Prototype][Prototype] and [YUI][YUI].
@@ -93,6 +97,7 @@ SDK with popular JavaScript libraries such as [Dojo][Dojo], [jQuery][jQuery],
 [Prototype]: http://prototypejs.org/
 [YUI]: http://developer.yahoo.com/yui/
 [FAQs]: http://wiki.github.com/facebook/connect-js/faq
+[changelog]: http://github.com/facebook/connect-js/tree/master/changelog.md
 [examples]: http://github.com/facebook/connect-js/tree/master/examples/
 
 

diff --git a/src/core/cookie.js b/src/core/cookie.js
@@ -62,15 +62,16 @@ FB.copy('Cookie', {
    */
   load: function() {
     var
-      cookie = document.cookie.match('\\b' +'fbs_' + FB._apiKey+ '=([^;]*)\\b'),
-      session,
-      expires;
+      // note, we have the opening quote (") for the value in the regex, but do
+      // not have a closing quote. this is because the \b already handles it.
+      cookie = document.cookie.match('\\bfbs_' + FB._apiKey + '="([^;]*)\\b'),
+      session;
 
     if (cookie) {
       // url encoded session stored as "sub-cookies"
       session = FB.QS.decode(cookie[1]);
       // decodes as a string, convert to a number
-      expires = session.expires = parseInt(session.expires, 10);
+      session.expires = parseInt(session.expires, 10);
       // capture base_domain for use when we need to clear
       FB.Cookie._domain = session.base_domain;
     }
@@ -88,7 +89,7 @@ FB.copy('Cookie', {
    */
   setRaw: function(val, timestamp, domain) {
     document.cookie =
-      'fbs_' + FB._apiKey + '=' + val +
+      'fbs_' + FB._apiKey + '="' + val + '"' +
       '; expires=' + new Date(timestamp * 1000).toGMTString() +
       '; path=/' +
       (domain ? '; domain=.' + domain : '');

diff --git a/tests/js/cookie.js b/tests/js/cookie.js
@@ -52,7 +52,7 @@ test(
     FB._apiKey = cookieApiKey;
 
     FB.Cookie.set({
-      expires: (10000 + (+new Date())) / 1000,
+      expires: (1000000 + (+new Date())) / 1000,
       base_domain: document.domain,
       answer: 42
     });