Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: expires cookie does not follow IETF RFC6265 specification for boundaries #17632

Closed
jchorl opened this issue Oct 27, 2016 · 1 comment

Comments

Projects
None yet
3 participants
@jchorl
Copy link
Contributor

commented Oct 27, 2016

What version of Go are you using (go version)?

1.7.1

What operating system and processor architecture are you using (go env)?

GOHOSTOS="darwin"
GOOS="darwin"
GOARCH="amd64"

What did you do?

https://play.golang.org/p/G_tVNv_Is7

What did you expect to see?

sample=val; Expires=Sat, 01 Jan 2000 10:04:02 GMT
sample=val; Expires=Sat, 01 Jan 1700 10:04:02 GMT

What did you see instead?

sample=val; Expires=Sat, 01 Jan 2000 10:04:02 GMT
sample=val

According to IETF RFC6265 section 5.2.1, the Expires attribute should be parsed as a cookie-date, as specified in section 5.1.1. The lower bound for the year field, as listed in section 5.1.1, should be 1601 inclusive ("Abort these steps and fail to parse the cookie-date if... the year-value is less than 1601"). However, go seems to use epoch as a lower bound, as can be found here: https://github.com/golang/go/blob/master/src/net/http/cookie.go#L171

@gopherbot

This comment has been minimized.

Copy link

commented Oct 27, 2016

CL https://golang.org/cl/32142 mentions this issue.

@rakyll rakyll changed the title Expires cookie does not follow IETF RFC6265 specification for boundaries net/http: expires cookie does not follow IETF RFC6265 specification for boundaries Oct 27, 2016

@rakyll rakyll added this to the Go1.8 milestone Oct 27, 2016

@gopherbot gopherbot closed this in d86a6ef Oct 28, 2016

@golang golang locked and limited conversation to collaborators Oct 28, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.