Closed
Bug 650221
Opened 14 years ago
Closed 14 years ago
Firefox modifies date of cookie expiration relatively to the server time rather than to the user local time
Categories
(Core :: Networking: Cookies, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 368964
People
(Reporter: marcin, Assigned: amchung)
Details
(Whiteboard: [necko-active])
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0) Gecko/20100101 Firefox/4.0
Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0) Gecko/20100101 Firefox/4.0
Hi guys,
it seems like FF is applying cookie expiration time relatively to the server time rather than to the user local time, i.e.
user time: Date: Tue, 15 Apr 2011 08:52:59 GMT
server time: Date: Tue, 15 Mar 2011 08:52:59 GMT
cookie: Set-Cookie: foo=bar; expires=Thu, 14-Apr-2011 08:52:59 GMT; path=/; domain=.example.com
After that you would expect cookie to don't be set as relatively to the user time is in the past, however it seems like cookie time difference against server time is being measured and applied for the expiration which is ending up in setting cookie to expire in 15-May-2011 08:52:59 GMT against any logic.
this sounds to me like a bug but can be wrong, please advise.
cheers
Reproducible: Always
Steps to Reproduce:
1. set server time to the past compared to your local time
2. set cookie expiration in the future compared to the server time but in the past compared to your user local time
3. cookie will be set with expiration time calculated as a difference between server time and the cookie expiration time despite being set to expire already in past compared to the user local time.
Actual Results:
you will end-up with cookie set to future (measured as a difference between cookie time and the server time) despite being set in the past against your local machine time
Expected Results:
cookie shouldn't be set if its expiration time is set in the past compared to your user local time.
|
||
Comment 1•14 years ago
|
||
Isn't this necessary, in case there's a difference between the webserver and the client ?
The webserver is trying to set a cookie that expires on the 14th of april (30 days in the servers future). According to the clients clock, that's on the 15th of may, which is also 30 days in the future. What's wrong with that ?
If this is normal, bug 368964 should be closed too.
the problem is that only FF behaves that way, all other browsers expire that cookie straight away.
(In reply to comment #1)
> Isn't this necessary, in case there's a difference between the webserver and
> the client ?
>
> The webserver is trying to set a cookie that expires on the 14th of april (30
> days in the servers future). According to the clients clock, that's on the 15th
> of may, which is also 30 days in the future. What's wrong with that ?
>
> If this is normal, bug 368964 should be closed too.
the problem is that only FF behaves that way, all other browsers expire that
cookie straight away.
|
||
Updated•14 years ago
|
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies
|
||
Comment 4•14 years ago
|
||
This looks like a duplicate of bug 368964.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
|
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → amchung
Whiteboard: [necko-active]
|
|
Assignee | |
Comment 5•9 years ago
|
||
https://dxr.mozilla.org/mozilla-central/source/netwerk/cookie/nsCookieService.cpp#4034
This statement needs to modify to aCookieAttributes.expiryTime = aServerTime + delta;
You need to log in
before you can comment on or make changes to this bug.
Description
•