Re: [PATCH] Cookies with blank expiry date
Date: Sat, 24 Oct 2009 21:11:45 +0100
On Wed, 14 Oct 2009, Daniel Stenberg wrote:
> Based on feedback I got on the http-state mailing list from a Firefox
> developer on this topic, we should probably consider making _all_ failures
> to parse the expire date as a reason to switch it to a session cookie and
> not just on blank dates, as that seems to be what Firefox does. (Still to
> be found out how others deal with such cookies)
As discussed, I tested several browsers with these cookies:
1. EmptyDate cookie: "Expires="
2. BadDate cookie: "Expires=sometime"
3. ExtraCharsAfterDate: "Expires=Sun, 25-Oct-2009 20:15:56 GMT extra symbols"
The following three browsers behave in the same way, they treat EmptyDate
and BadDate as session cookies, but recognise the expiry date on the third
MSIE 8.0 on Win XP SP3
Firefox 3.5.3 on Win XP SP3
Epiphany (WebKit) 2.28.0 on Ubuntu 9.10
The only exception was Konqueror/4.3 (KHTML/4.3.2), it treats all three as
Considering the above, I agree with Daniel, I think that any failure to parse
the cookie date in CURL should make it a session cookie. The patch against the
CVS HEAD is enclosed.
- text/x-diff attachment: cookie.diff