>Number: 3795 >Category: mod_jserv >Synopsis: Problems with cookie expiration date formats >Confidential: no >Severity: serious >Priority: medium >Responsible: jserv >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Jan 29 11:20:00 PST 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3 >Environment: Linux, JDK1.1, JServ 0.9.11 >Description: Expiration format
In "EEEE, dd-MMM-yy kk:mm:ss zz" hours could range up to 24, years only to 99. (Won't support Y2K.) So from the Netscape cookie spec, I changed it in my copy to: "EEE, dd-MMM-yyyy HH:mm:ss 'GMT'" This should improve reliability a bit. The new format is working fine so far on our development site. >How-To-Repeat: Telnet to the HTTP port and request any page that sets a cookie with an expiration date. >Fix: See description. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
