[issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
Rebecka added the comment: Akira is correct: using time.mktime to produce the expiration date for the cookie is wrong (thank you very much for the pointers!). Using e.g. http.cookiejar.http2time with a HTTP formatted date string gives a correct time stamp (with which cookie.is_expired succeeds), so this was not a bug (just user error...). -- resolution: - not a bug status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22296 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
Changes by Berker Peksag berker.pek...@gmail.com: -- stage: needs patch - resolved ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22296 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
Rebecka added the comment: I've checked and an updated test file for 3.4 shows the same behaviour in the renamed module http.cookiejar. Even though no standard exists I hope 3.4+ would be changed to simplify the cookie handling, since there is a lot of hassle converting UTC times to local times (which in general should be avoided to avoid introducing further problems with e.g. daylight savings). -- Added file: http://bugs.python.org/file36519/cookie_timestamp_test_3.4.py ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22296 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
Akira Li added the comment: time.time() returns the current time in seconds since Epoch it is neither local nor UTC time. It can be converted to both. You can get local time using datetime.fromtimestamp(ts). You can get UTC time using datetime.utcfromtimestamp(ts) or to get an aware datetime object: datetime.fromtimestamp(ts, timezone.utc), where ts is the timestamp in seconds since Epoch. I don't know whether there is an issue with cookie.is_expired() but it is incorrect to use time.mktime() with UTC time tuple unless the local time is UTC. To get the timestamp from a datetime object, you could use .timestamp() method instead: from datetime import datetime, timezone now = datetime.now(timezone.utc) # the current time seconds_since_epoch = now.timestamp() seconds_since_epoch = time.time() # might be less precise -- nosy: +akira ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22296 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
Antoine Pitrou added the comment: Note the .timestamp() method will work correctly if the datetime object is expressed in *local time*, which is not what Rebecka's code uses. Otherwise the incantation is a bit more complex: https://docs.python.org/3/library/datetime.html#datetime.datetime.timestamp (also .timestamp() doesn't exist in 2.7, in which case the manual computation must also be used) -- nosy: +pitrou ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22296 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
Akira Li added the comment: timestamp() method works correctly for an aware datetime objects as in my example (notice: timezone.utc in the code). The issue is not that it is a manual computation, the issue is that it is incorrect: #XXX WRONG, DO NOT DO IT time.mktime(datetime.datetime.utcnow().timetuple()) On older Python versions, given a utc time as a naive datetime object, POSIX timestamp is: ts = (utc_dt - datetime(1970, 1, 1)).total_seconds() utc_dt = datetime(1970, 1, 1) + timedelta(seconds=ts) # in reverse -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22296 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
Akira Li added the comment: The last example assumes that time.gmtime(0) is 1970-01-01 00:00:00Z (otherwise time.time() may return different timestamp) -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22296 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
New submission from Rebecka: The cookielib module uses time.time(), which produces a timestamp in the local timezone (as read from the system time?), as the timestamp against which expiration dates in cookies are compared. However, typical usage of HTTP cookies would be specifying the expiration date in UTC. This assumption seems to be supported for example by the inclusion of cookielib.http2time, which (only) supports UTC timestamps. This behaviour is also included in e.g. MozillaCookieJar, which (erroneously) excludes cookies from being saved/loaded based on the local timestamp from time.time(). See the attached file for a small example where the check if a cookie is expired against a UTC time is correct but the check against local time fails (simulating the behaviour of the cookielib module). -- components: Library (Lib) files: cookie_timestamp_test.py messages: 226056 nosy: regu0004 priority: normal severity: normal status: open title: cookielib uses time.time(), making incorrect checks of expiration times in cookies type: behavior versions: Python 2.7 Added file: http://bugs.python.org/file36502/cookie_timestamp_test.py ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22296 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22296] cookielib uses time.time(), making incorrect checks of expiration times in cookies
Terry J. Reedy added the comment: If you have not, please check if this issue applies to 3.4, and post a 3.4 version of the test file. In the absence of a standard, I am not sure if this is a bug, and even if we call it such, whether 2.7 should be changed. -- nosy: +terry.reedy stage: - needs patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22296 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
