php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #34999 setcookie() uses wrong format for expiry date in http header
Submitted: 2005-10-27 15:12 UTC Modified: 2005-11-02 18:48 UTC
From: giunta dot gaetano at sea-aeroportimilano dot it Assigned:
Status: Closed Package: HTTP related
PHP Version: 4.4.0 OS: Solaris 8
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: giunta dot gaetano at sea-aeroportimilano dot it
New email:
PHP Version: OS:

 

 [2005-10-27 15:12 UTC] giunta dot gaetano at sea-aeroportimilano dot it
Description:
------------
The day-of-week part of the expiry date in the set-cookie http header generated by PHP uses the full day name instead of the 3 letters abbreviation (as per RFC 822) on Solaris8 + Apache 2.0.54 + PHP 4.4.0. It also puts dashes between date parts insted of spaces.

Note that the cookie spec that PHP follows is 'version 0' cookies, available at:
http://wp.netscape.com/newsref/std/cookie_spec.html

In that spec the mentioned format for time is rfc 822 (which has been superseded by rfc 1123), which explicitly mentions using 3 letters for day-of-week and spaces between date parts.

PHP bug #33597 (closed) mentions explicitly rfc 2616 as permitting the long weekday format, but, imho, it does not applicate to the cookie header, which should follow only rfc 1123.

BTW: on Linux and Windows, php 4.4.0 uses the rfc 1123 format...

Reproduce code:
---------------
<?php
setcookie('hello', '12345', time()+60*60);  
?>

+ use mozilla LiveHTTPHeader to see results:




Expected result:
----------------
HTTP/1.x 200 OK
Date: Thu, 27 Oct 2005 12:44:11 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.0
X-Powered-By: PHP/4.4.0
Set-Cookie: hello=12345; expires=Thu, 27-Oct-05 13:44:11 GMT
Content-Length: 0
Keep-Alive: timeout=15, max=1000
Connection: Keep-Alive
Content-Type: text/html

Actual result:
--------------
HTTP/1.x 200 OK
Date: Thu, 27 Oct 2005 12:44:11 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.0
X-Powered-By: PHP/4.4.0
Set-Cookie: hello=12345; expires=Thursday, 27Oct 2005 13:44:11 GMT
Content-Length: 0
Keep-Alive: timeout=15, max=1000
Connection: Keep-Alive
Content-Type: text/html

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-02 18:40 UTC] giunta dot gaetano at sea-aeroportimilano dot it
OK.

Running PHP 4.4.1, the day-of-week is correctly written using the 3 letters code, both on windows and solaris.
 [2005-11-02 18:48 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 11:01:29 2024 UTC