php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #33597 setcookie expires date format
Submitted: 2005-07-07 00:20 UTC Modified: 2005-07-08 14:30 UTC
From: rodricg at sellingsource dot com Assigned: tony2001
Status: Closed Package: Unknown/Other Function
PHP Version: 5.0.4 OS: Linux
Private report: No CVE-ID:
 [2005-07-07 00:20 UTC] rodricg at sellingsource dot com
Description:
------------
setcookie expires date format is invalid according to  
http://wp.netscape.com/newsref/std/cookie_spec.html  
and  
http://www.faqs.org/rfcs/rfc2109 
 
ie. " ... and the separators between the elements of the 
date must be dashes." 
  
 

Reproduce code:
---------------
<?php

setcookie("TestCookie", "PeanutButter", time()-3600);

?>

Expected result:
----------------
Should generate a header with an expires date like: 
 
expires=Wed, 06-Jul-2005 20:49:30 GMT 

Actual result:
--------------
Generates a header with an expires date like: 
 
expires=Wed, 06 Jul 2005 20:49:30 GMT 

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-07-07 01:04 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-07-07 04:14 UTC] rodricg at sellingsource dot com
The behavior appears to be the same in the referenced snapshot, as well as 5.1.0b2.

X-Powered-By: PHP/5.0.4
Set-Cookie: TestCookie=PeanutButter; expires=Thu, 07 Jul 2005 01:07:13 GMT

X-Powered-By: PHP/5.1.0-dev
Set-Cookie: TestCookie=PeanutButter; expires=Thu, 07 Jul 2005 01:01:22 GMT

X-Powered-By: PHP/5.1.0b2
Set-Cookie: TestCookie=PeanutButter; expires=Thu, 07 Jul 2005 01:09:32 GMT
 [2005-07-07 11:45 UTC] nlopess@php.net
This behaviour was changed here: http://cvs.php.net/diff.php/php-src/ext/standard/datetime.c?r1=1.124&r2=1.125&ty=h because of bug #31056.

RFC 2616 says to use:
Sun, 06 Nov 1994 08:49:37 GMT  ; RFC 822, updated by RFC 1123
Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036

But I'm not sure which one we should follow :)
 [2005-07-07 11:51 UTC] tony2001@php.net
We can just use php_format_date() from the brand new ext/date in setcookie().
Actually the patch is ready, I'm testing it.
 [2005-07-08 14:30 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 06:02:13 2014 UTC