#2480 Cookie's expire value malformed in actionpack-2.3.2 - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#2480 ✓invalid

Cookie's expire value malformed in actionpack-2.3.2

Reported by Stephan Seidt | April 11th, 2009 @ 01:44 AM | in 2.x

This bug makes it impossible to set a cookie expiry date for WebKit browsers, including Safari and MobileSafari on the iPhone.

Captured headers from two different Rails installations:

Rails 2.2: expires=Sat, 25 Apr 2009 00:29:23 GMT
Rails 2.3: expires=Mo, 11-Apr-2011 00:28:51 GMT

The value for expires in Rails 2.2 is being generated in actionpack-2.2.2 lib/action_controller/cookies.rb line 101:


cookie = CGI::Cookie.new(options)

In Rails 2.3 it's apparently being generated in actionpack-2.3.2 lib/action_controller/vendor/rack-1.0/rack/response.rb lines 63-64:


expires = "; expires=" + value[:expires].clone.gmtime.
  strftime("%a, %d-%b-%Y %H:%M:%S GMT")    if value[:expires]

The dashes between day, month and year in the latter code lead to a value which is not being parsed correctly by WebKit browsers. The value is being ignored and the cookie has no expiry date assigned.

Comments and changes to this ticket

You flagged this item as spam.
Stephan Seidt April 21st, 2009 @ 11:33 PM
Please close this ticket, it's a Rack-issue if its any issue at all. The problem does not stem from the dashes but from localization code which was executed before the cookie is being set.
CancelProfileIsBroken April 22nd, 2009 @ 12:29 AM
- State changed from “new” to “invalid”
You flagged this item as spam.
Johan Sørensen April 28th, 2009 @ 12:35 PM
Stephen Seidt: could you elaborate on the source of the problem (localization code)? This very issue is bugging me right now…
You flagged this item as spam.
Stephan Seidt April 28th, 2009 @ 12:42 PM
Sure, in config/environment.rb we included a file that was monkeypatching several constants in the Date and Time classes (e.g. Date::ABBR_DAYNAMES was responsible for the cookie not being accepted) and the Time#strftime method. After the evil code had been removed cookies were working for webkit browsers again.

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Shared Ticket Bins (Sort)

↓↑ drag 455 Open Bugs
↓↑ drag 0 Recent Open Tickets
↓↑ drag 87 Open Patches
↓↑ drag 0 Open Doc Patches
↓↑ drag 542 Stale Tickets
↓↑ drag 3 Verified Patches
↓↑ drag 87 Stale Patches
↓↑ drag 0 Yesterday's Tickets
↓↑ drag 0 Two Days Ago
↓↑ drag 0 This Week
↓↑ drag 0 Last Week
↓↑ drag 7 Bugmash
↓↑ drag 0 Bugmash review queue
↓↑ drag 5 Rails 3 High Priority Tickets

Rails Ruby on Rails → 2.x

Cookie's expire value malformed in actionpack-2.3.2

Comments and changes to this ticket

Stephan Seidt April 21st, 2009 @ 11:33 PM

CancelProfileIsBroken April 22nd, 2009 @ 12:29 AM

Johan Sørensen April 28th, 2009 @ 12:35 PM

Stephan Seidt April 28th, 2009 @ 12:42 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Pages

Rails Ruby on Rails → 2.x

Keyword searching

Cookie's expire value malformed in actionpack-2.3.2

Comments and changes to this ticket

Stephan Seidt April 21st, 2009 @ 11:33 PM

CancelProfileIsBroken April 22nd, 2009 @ 12:29 AM

Johan Sørensen April 28th, 2009 @ 12:35 PM

Stephan Seidt April 28th, 2009 @ 12:42 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Pages