[jira] [Resolved] (HTTPCLIENT-1763) Invalid 'expires' attribute

Tue, 23 Aug 2016 06:04:58 -0700 

     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleg Kalnichevski resolved HTTPCLIENT-1763.
-------------------------------------------
    Resolution: Invalid

The only 'expired' format permitted by [Netscape cookie 
draft|http://web.archive.org/web/20020803110822/http://wp.netscape.com/newsref/std/cookie_spec.html]
 is
{noformat}
Wdy, DD-Mon-YYYY HH:MM:SS GMT
{noformat}
which the cookie in question clearly violates.

However one can relax the default behavior by configuring the default plociy to 
use additional datetime formats. 

Moreover, the users of HttpClient 4.4 and newer are advised to use RFC 6265 
compliant policies instead of the default one. See HttpClient 4.4 release notes 
for details.

Oleg

> Invalid 'expires' attribute
> ---------------------------
>
>                 Key: HTTPCLIENT-1763
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1763
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.5.2
>            Reporter: Oliver Stöneberg
>
> We updated HttpClient from 4.3.6 to 4.5.2 and suddenly these warnings started 
> appearing:
> [org.apache.http.client.protocol.ResponseProcessCookies] Invalid cookie 
> header: "Set-Cookie: PLAY_SESSION=; Max-Age=0; Expires=Tue, 23 Aug 2016 
> 11:40:12 GMT; Path=/; Secure; HTTPOnly". Invalid 'expires' attribute: Tue, 23 
> Aug 2016 11:40:12 GMT
> Looks like this is actually a valid date according to several references:
> https://en.wikipedia.org/wiki/HTTP_cookie#Expires_and_Max-Age
> https://issues.apache.org/jira/browse/HTTPCLIENT-773
> https://issues.apache.org/jira/browse/HTTPCLIENT-1077
> https://issues.apache.org/jira/browse/HTTPCLIENT-923
> We are not using any specific sookie spec, so CookieSpecs.DEFAULT is being 
> used.
> Looking at the source DefaultCookieSpec is being used which detects the 
> netscape format by looking at "expires" in the "Set-Cookie" handler which 
> leads to NetscapeDraftSpec feeding BasicExpiresHandler the 
> NetscapeDraftSpec.EXPIRES_PATTERN which looks wrong to me.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to