Patch http-parse-set-cookie.patch corrects the behavior, producing:
expires="Sun, 25-Oct-2015 04:35:13 GMT"
The patch does the following:
Function parse_set_cookie() is no longer fed response.header["set-cookie"], which is a concatenation of all the cookie definitions. Instead the function is invoked on each Set-Cookie header separately, before they are joined, inside parse_header().
This allows removal of unnecessary outer looping construct while true do ... end from the cookie parsing code.
Swaps the position of functions parse_set_cookie() and parse_header() inside http.lua. This is necessary due to the moved invocation point for parse_set_cookie().
The last two changes visually inflate the patch quite a lot but a smart diff can see through it.
Case 2: Comma Splitting
Consider the following HTTP response:
Set-Cookie: c1=aaa; path=/bbb/ccc,ddd/eee
Note that this is a legitimate path. (See W3C and RFC 6265 for details.)
The current code parses the header as follows:
Patch http-parse-set-cookie-comma.patch corrects the behavior by removing special parsing of the comma from parse_set_cookie(). The parsing is not needed any more due to the function now processing only one header at a time.
Finally I am proposing a clean-up of parse_set_cookie() code, removing unnecessary checks like if pos <= #s and converting string functional calls to the object notation. See patch http-parse-set-cookie-cleanup.patch.
The patches are meant to be applied in this order:
The text was updated successfully, but these errors were encountered:
I see two modifications, compared to what I proposed:
Variable value is declared at the time of its first use
Positions of the two functions, parse_set_cookie() and parse_header(), within http.lua have been restored
I have no problem with the first one. It is cleaner this way. The reason why I did not do that is that in another patch earlier this year my late variable declaration was moved by the committing person to the beginning of the function. So I am a bit struggling to follow the coding culture of this project.
With respect to the second change, I swapped the function positions to address the following error:
nselib/http.lua:697: variable 'parse_set_cookie' is not declared
I am getting this error again with the latest modifications.
Great, I fixed the undeclared variable problem by declaring it local just above parse_header, then defining it later. I only moved it to minimize the diff and make the changes clearer. I'll apply this, then. Thanks for continuing to provide great feedback and excellent improvements!