
Switch to RFC 2822 expires

commit 5e0a9413a80e9b0aa8a74bfc806fb20f2ea0bf3c 1 parent aea54b6
@raggi raggi authored
Showing with 31 additions and 10 deletions.
  1. +24 −3 lib/rack/utils.rb
  2. +7 −7 test/spec_response.rb
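--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -250,10 +250,31 @@ def set_cookie_header!(header, key, value)
 domain = "; domain=" + value[:domain] if value[:domain]
 path = "; path=" + value[:path] if value[:path]
 max_age = "; max-age=" + value[:max_age] if value[:max_age]
- # According to RFC 2109, we need dashes here.
- # N.B.: cgi.rb uses spaces...
+ # There is an RFC mess in the area of date formatting for Cookies. Not
+ # only are there contradicting RFCs and examples within RFC text, but
+ # there are also numerous conflicting names of fields and partially
+ # cross-applicable specifications.
+ #
+ # These are best described in RFC 2616 3.3.1. This RFC text also
+ # specifies that RFC 822 as updated by RFC 1123 is preferred. That is a
+ # fixed length format with space-date delimeted fields.
+ #
+ # See also RFC 1123 section 5.2.14.
+ #
+ # RFC 6265 also specifies "sane-cookie-date" as RFC 1123 date, defined
+ # in RFC 2616 3.3.1. RFC 6265 also gives examples that clearly denote
+ # the space delimited format. These formats are compliant with RFC 2822.
+ #
+ # For reference, all involved RFCs are:
+ # RFC 822
+ # RFC 1123
+ # RFC 2109
+ # RFC 2616
+ # RFC 2822
+ # RFC 2965
+ # RFC 6265
 expires = "; expires=" +
- rfc2109(value[:expires].clone.gmtime) if value[:expires]
+ rfc2822(value[:expires].clone.gmtime) if value[:expires]
 secure = "; secure" if value[:secure]
 httponly = "; HttpOnly" if value[:httponly]
 value = value[:value]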
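Review bot: The `rfc2822(...)` call on the new `expires =` line emits a numeric zone, as the updated expectations in test/spec_response.rb show (`expires=Thu, 01 Jan 1970 00:00:00 -0000`), while the comment added above it cites RFC 2616 3.3.1 and the RFC 6265 sane-cookie-date, both of which end the date with the literal `GMT`. The expiry bounds how long a cookie lives on the client, so a user agent that parses the date strictly would presumably treat the cookie as a session cookie or ignore the `expires` half of a deletion; RFC 6265's lenient parsing tolerates the zone token, but older parsers may not. I would emit the rfc1123-date form instead, for example `expires = "; expires=" + value[:expires].clone.gmtime.httpdate if value[:expires]` (this needs `require 'time'` if the file does not already load it), and change the specs to expect `GMT`. The added comment also has a typo, `delimeted`, and `set_cookie_header!` starts and ends outside this hunk.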
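--- a/test/spec_response.rb
+++ b/test/spec_response.rb
@@ -65,12 +65,12 @@
 response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
 end
- it "formats the Cookie expiration date accordingly to RFC 2109" do
+ it "formats the Cookie expiration date accordingly to RFC 6265" do
 response = Rack::Response.new
 response.set_cookie "foo", {:value => "bar", :expires => Time.now+10}
 response["Set-Cookie"].should.match(
- /expires=..., \d\d-...-\d\d\d\d \d\d:\d\d:\d\d .../)
+ /expires=..., \d\d ... \d\d\d\d \d\d:\d\d:\d\d .../)
 end
 it "can set secure cookies" do
@@ -92,7 +92,7 @@
 response.delete_cookie "foo"
 response["Set-Cookie"].should.equal [
 "foo2=bar2",
- "foo=; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"
+ "foo=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"
 ].join("\n")
 end
@@ -102,10 +102,10 @@
 response.set_cookie "foo", {:value => "bar", :domain => ".example.com"}
 response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
 response.delete_cookie "foo", :domain => ".example.com"
- response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=; domain=.example.com; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n")
+ response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=; domain=.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"].join("\n")
 response.delete_cookie "foo", :domain => "sample.example.com"
- response["Set-Cookie"].should.equal ["foo=; domain=.example.com; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT",
- "foo=; domain=sample.example.com; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n")
+ response["Set-Cookie"].should.equal ["foo=; domain=.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000",
+ "foo=; domain=sample.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"].join("\n")
 end
 it "can delete cookies with the same name with different paths" do
@@ -117,7 +117,7 @@
 response.delete_cookie "foo", :path => "/path"
 response["Set-Cookie"].should.equal ["foo=bar; path=/",
- "foo=; path=/path; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n")
+ "foo=; path=/path; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"].join("\n")
 end
 it "can do redirects" do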
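Review bot: The pattern in the `formats the Cookie expiration date accordingly to RFC 6265` spec ends in ` .../` with no anchor, so it accepts any three characters after the time and cannot tell `GMT` from the first three characters of `-0000`. The spec name therefore promises more than the assertion checks. Spelling out the expected zone token and anchoring the end, e.g. `/expires=\w{3}, \d\d \w{3} \d{4} \d\d:\d\d:\d\d GMT\z/` if the formatter is meant to emit `GMT`, would make a change in the date format fail here rather than only in the `delete_cookie` string comparisons.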