Received: (qmail 614 invoked by uid 2012); 19 Oct 1997 21:56:31 -0000 Message-Id: <19971019215631.613.qmail@hyperreal.org> Date: 19 Oct 1997 21:56:31 -0000 From: Chris Tamblyn Reply-To: cjt@evocative.com To: apbugs@hyperreal.org Subject: date format for cookies is not compliant with RFC..causes errors X-Send-Pr-Version: 3.2 >Number: 1278 >Category: mod_usertrack >Synopsis: date format for cookies is not compliant with RFC..causes errors >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Oct 20 12:00:01 PDT 1997 >Last-Modified: Thu May 28 12:11:22 PDT 1998 >Originator: cjt@evocative.com >Organization: >Release: 1.2.4 >Environment: FreeBSD red.evocative.com 2.2.2-RELEASE FreeBSD 2.2.2-RELEASE #0: Sun Oct 19 11: 23:15 PDT 1997 root@blue.evocative.com:/usr/src/sys/compile/EVOC-RED i386 bash-2.00$ >Description: RFC 822 specifies the date format: 5. DATE AND TIME SPECIFICATION 5.1. SYNTAX date-time = [ day "," ] date time ; dd mm yy ; hh:mm:ss zzz day = "Mon" / "Tue" / "Wed" / "Thu" / "Fri" / "Sat" / "Sun" date = 1*2DIGIT month 2DIGIT ; day month year ; e.g. 20 Jun 82 month = "Jan" / "Feb" / "Mar" / "Apr" / "May" / "Jun" / "Jul" / "Aug" / "Sep" / "Oct" / "Nov" / "Dec" time = hour zone ; ANSI and Military hour = 2DIGIT ":" 2DIGIT [":" 2DIGIT] ; 00:00:00 - 23:59:59 zone = "UT" / "GMT" ; Universal Time ; North American : UT / "EST" / "EDT" ; Eastern: - 5/ - 4 / "CST" / "CDT" ; Central: - 6/ - 5 / "MST" / "MDT" ; Mountain: - 7/ - 6 / "PST" / "PDT" ; Pacific: - 8/ - 7 / 1ALPHA ; Military: Z = UT; ; A:-1; (J not used) ; M:-12; N:+1; Y:+12 / ( ("+" / "-") 4DIGIT ) ; Local differential ; hours+min. (HHMM) Here are the changes required to correct the problem 175c175 < "%s%s; path=/; expires=%s, %.2d-%s-%.2d %.2d:%.2d:%.2d GMT", --- > "%s%s; path=/; expires=%s, %.2d %s %.4d %.2d:%.2d:%.2d GMT", 178c178 < (tms->tm_year >= 100) ? tms->tm_year - 100 : tms->tm_year, --- > tms->tm_year + 1900, >How-To-Repeat: >Fix: noted above....fix and diagnosis courtesy of Patrick Rigney of Evocative, Inc. Thanks folks. %0 >Audit-Trail: State-Changed-From-To: open-analyzed State-Changed-By: rse State-Changed-When: Tue Oct 21 00:41:09 PDT 1997 State-Changed-Why: 1. the current mod_usertrack (1.2.4 and 1.3b2) only creates Cookies according to Netscapes "old" Cookie proposal, because the "new" one (RFC 2109) has "Max-Age" instead of "Expires". 2. While Netscape says in their proposal under http://www.netscape.com/newsref/std/cookie_spec.html) the date format is ...DD-MM-YYYY... and this follows RFC822, etc. So, it is not clear what the actual format is, because RFC822 says ...DD MM YYYY.., the proposal says ...DD-MM-YYYY... and Apache uses ...DD-MM-YY... But either way Apaches current format is more like Netscapes one than the one from RFC822. So, when mod_usertrack should be fixed, then better to DD-MM-YYYY instead of RFC822's variant, I think. Or even better: mod_usertrack should use the format of RFC 2109 when it becomes a valid draft and browsers support it. Or I'm totally wrong here? Correct me please. State-Changed-From-To: analyzed-closed State-Changed-By: coar State-Changed-When: Thu May 28 12:11:21 PDT 1998 State-Changed-Why: [This is a standard response.] No response from submitter, assuming issue has been resolved. >Unformatted: