
Switch to RFC 2822 expires

commit 5e0a9413a80e9b0aa8a74bfc806fb20f2ea0bf3c 1 parent aea54b6
James Tucker authored
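--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -250,10 +250,31 @@ def set_cookie_header!(header, key, value)
         domain  = "; domain="  + value[:domain] if value[:domain]
         path    = "; path="    + value[:path]   if value[:path]
         max_age = "; max-age=" + value[:max_age] if value[:max_age]
-        # According to RFC 2109, we need dashes here.
-        # N.B.: cgi.rb uses spaces...
+        # There is an RFC mess in the area of date formatting for Cookies. Not
+        # only are there contradicting RFCs and examples within RFC text, but
+        # there are also numerous conflicting names of fields and partially
+        # cross-applicable specifications.
+        #
+        # These are best described in RFC 2616 3.3.1. This RFC text also
+        # specifies that RFC 822 as updated by RFC 1123 is preferred. That is a
+        # fixed length format with space-date delimeted fields.
+        #
+        # See also RFC 1123 section 5.2.14.
+        #
+        # RFC 6265 also specifies "sane-cookie-date" as RFC 1123 date, defined
+        # in RFC 2616 3.3.1. RFC 6265 also gives examples that clearly denote
+        # the space delimited format. These formats are compliant with RFC 2822.
+        #
+        # For reference, all involved RFCs are:
+        # RFC 822
+        # RFC 1123
+        # RFC 2109
+        # RFC 2616
+        # RFC 2822
+        # RFC 2965
+        # RFC 6265
         expires = "; expires=" +
-          rfc2109(value[:expires].clone.gmtime) if value[:expires]
+          rfc2822(value[:expires].clone.gmtime) if value[:expires]
         secure = "; secure"  if value[:secure]
         httponly = "; HttpOnly" if value[:httponly]
         value = value[:value]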
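Review bot: The value now written after `expires=` ends in a numeric zone (`-0000`, judging by the updated expectations in test/spec_response.rb), whereas the rfc1123-date of RFC 2616 3.3.1, which the new comment cites as RFC 6265's sane-cookie-date, ends in the literal `GMT`. A user agent with a strict date parser may fail to read the attribute, and for `delete_cookie` that matters wherever Max-Age is not honoured, because the 1970 expiry is then the only thing that clears a session cookie. Emitting the GMT form would match the cited grammar, for example `expires = "; expires=" + value[:expires].clone.gmtime.httpdate if value[:expires]` (this needs the stdlib `time` extension loaded, which the hunk does not show). The body of set_cookie_header! starts and ends outside the hunk, and the rfc2822 helper itself is not visible here.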
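--- a/test/spec_response.rb
+++ b/test/spec_response.rb
@@ -65,12 +65,12 @@
     response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
   end
 
-  it "formats the Cookie expiration date accordingly to RFC 2109" do
+  it "formats the Cookie expiration date accordingly to RFC 6265" do
     response = Rack::Response.new
 
     response.set_cookie "foo", {:value => "bar", :expires => Time.now+10}
     response["Set-Cookie"].should.match(
-      /expires=..., \d\d-...-\d\d\d\d \d\d:\d\d:\d\d .../)
+      /expires=..., \d\d ... \d\d\d\d \d\d:\d\d:\d\d .../)
   end
 
   it "can set secure cookies" do
@@ -92,7 +92,7 @@
     response.delete_cookie "foo"
     response["Set-Cookie"].should.equal [
       "foo2=bar2",
-      "foo=; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"
+      "foo=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"
     ].join("\n")
   end
 
@@ -102,10 +102,10 @@
     response.set_cookie "foo", {:value => "bar", :domain => ".example.com"}
     response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
     response.delete_cookie "foo", :domain => ".example.com"
-    response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=; domain=.example.com; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n")
+    response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=; domain=.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"].join("\n")
     response.delete_cookie "foo", :domain => "sample.example.com"
-    response["Set-Cookie"].should.equal ["foo=; domain=.example.com; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT",
-                                         "foo=; domain=sample.example.com; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n")
+    response["Set-Cookie"].should.equal ["foo=; domain=.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000",
+                                         "foo=; domain=sample.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"].join("\n")
   end
 
   it "can delete cookies with the same name with different paths" do
@@ -117,7 +117,7 @@
 
     response.delete_cookie "foo", :path => "/path"
     response["Set-Cookie"].should.equal ["foo=bar; path=/",
-                                         "foo=; path=/path; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n")
+                                         "foo=; path=/path; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"].join("\n")
   end
 
   it "can do redirects" do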
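Review bot: The pattern at new line 73 leaves the zone as `...` with no end anchor, so it accepts `GMT` and the first three characters of `-0000` alike and does not pin the format the spec title attributes to RFC 6265. Naming the zone token and anchoring the end would make a format regression visible, for example `/expires=..., \d\d ... \d\d\d\d \d\d:\d\d:\d\d GMT\z/` if the GMT form is the intended one. The fixed-string expectations at new lines 95, 105, 107, 108 and 120 pin `-0000` instead, so the title and those strings should be reconciled once the zone form is settled.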
