>Number: 2233 >Category: mod_usertrack >Synopsis: Incorrect writing of the date string in cookies to MSIE >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri May 15 07:10:01 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3b6 >Environment: Solaris, gcc, etc. Probably not important. >Description: I wasn't able to get the mod_usertrack module (Apache 1.3b6) to write a dated cookie to MSIE browsers and I discovered after looking through Microsoft docs that the date string sent to set a cookie must be of the form:
expires=day, dd mm yr 00:00:00 GMT --while mod_usertrack sets the date with the string: expires=day, dd-mm-yr 00:00:00 GMT >How-To-Repeat: Attempt to set a cookie with an expiry date to MSIE. Cookie isn't accepted. Send a cookie without an expiry date and the cookie is accepted. (Changing the CookieExpires directive from format "2years" to 63072000 will not reformat the date string sent to the cookie, BTW) >Fix: The fix seems to be to change line 192 of mod_user_track.c from: "%s%s; path=/; expires=%s, %.2d-%s-%.2d %.2d:%.2d:%.2d GMT", to: "%s%s; path=/; expires=%s, %.2d %s %.2d %.2d:%.2d:%.2d GMT", Recompilation of module code without hyphens has resulted in successfully setting dated cookies to MSIE 3.x and 4.x on Win95 in addition to Netscape browsers. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
