hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32835] - cookies > 20 years invalidated
Date Thu, 23 Dec 2004 19:44:29 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32835>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32835


colin.taylor@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|cookies                     |cookies > 20 years
                   |                            |invalidated




------- Additional Comments From colin.taylor@gmail.com  2004-12-23 20:44 -------
Amazon sets its user cookie to year '38' which is  a problem
because httpclient thinks 1938 and ignores the cookie. The reason why
it does this lies in SimpleDateFormat
>From the JDK:

"For parsing with the abbreviated year pattern ("y" or "yy"),
SimpleDateFormat must interpret the abbreviated year relative to some
century. It does this by adjusting dates to be within 80 years before
and 20 years after the time the SimpleDateFormat instance is created.
For example, using a pattern of "MM/dd/yy" and a SimpleDateFormat
instance created on Jan 1, 1997, the string "01/11/12" would be
interpreted as Jan 11, 2012 while the string "05/04/64" would be
interpreted as May 4, 1964."

So in effect any cookie set more than 20 years in the future and using
a 2 digit format is gonna be screwed. The assumption being made that all two
digit years > current (YY+20) are last century.

To change the assumption all thats needed is to pass in a
two_year_start to DateUtil.parseDate()   which should be "20" in the
expires field check IMHO. This wouldnt affect any fully specified
years and any other users of the field can use  "19" if so desired.
Tangentially,  the making of the simple date format in the local loop aint ideal...

from

if (dateParser == null) {
 dateParser = new SimpleDateFormat(format, Locale.US);
 dateParser.setTimeZone(TimeZone.getTimeZone("GMT"));
}

to

if (dateParser == null) {
 dateParser = new SimpleDateFormat(format, Locale.US);
 dateParser.setTimeZone(TimeZone.getTimeZone("GMT"));
 dateParser.setTwoDigitYearStart(two_year_start));   // new

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message