Ticket #516 (defect)
Opened 2 years ago
Last modified 11 months ago
Sessionfilter doesn't format properly the cookie date field "Expires" if the locale is not 'C'
Status: closed (fixed)
| Reported by: | raul.garciagarcia@gmail.com | Assigned to: | rdelon |
|---|---|---|---|
| Priority: | normal | Milestone: | 2.2-final |
| Component: | CherryPy code | Keywords: | |
| Cc: |
In a cookie, the "Expires" field must be a date formatted as RFC2822. But the sessionfilter module usese time.strftime to do the formatting, and the abbreviated weekday and month depend on the locale selected.
So if you don't have the default 'C' locale (or an English one) the Expires field of the cookie is badly formatted and some browsers (notably Firefox) ignore the cookie silently, thus avoiding the establishment of a session.
Attached is a patch to fix the sessionfilter, one against the 2.2.1 version and another against the latest trunk (r1091). Note that the supposedly unnecessary deflocale = locale.setdefault(...) is required for proper operation in Windows; in my Windows system the code:
locale.setdefault(locale.LC_ALL, locale.getdefault(locale.LC_ALL))
fails, and the only solution is to use the second locale.setdefault() call just in case.
Kind regards,
Raul Garcia.
Attachments
Change History
05/03/06 14:13:30: Modified by raul.garciagarcia@gmail.com
- attachment patch221.txt added.
05/03/06 14:14:04: Modified by raul.garciagarcia@gmail.com
- attachment patch1091.txt added.
Patch against revision 1091
06/29/06 12:43:15: Modified by fumanchu
- status changed from new to closed.
- resolution set to fixed.
Fixed in [1174] for both CP 2.2 and CP 3.0.
11/20/07 01:27:14: Modified by anorth@deepgreylabs.com
The fix in [1174] is not actually correct. The date format for expires should not be RFC 2822, but a Netscape custom format. See 10.1.2 of http://rfc.net/rfc2109.html
Browsers do seem to handle the RFC 2822 date ok though, so it's probably not worth re-opening the ticket.
Patch for 2.2.1 release (r1046)