Skip to content

A valid Expires= part of Set-Cookie header is not recognized #314

Description

@vlm

The https://tools.ietf.org/html/rfc2616#section-3.3.1 specifies the Sunday, 06-Nov-94 08:49:37 GMT as a valid date format.

The https://tools.ietf.org/html/rfc6265#section-5.1.1 reinforces that.

The sane-cookie-date non-terminal in https://tools.ietf.org/html/rfc6265#section-4.1.1 reinforces that.

However, the parser only recognizes the Sun, 06 Nov 1994 08:49:37 GMT variant of the Expires= token, effectively not restricting validity of the cookie header.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions