
This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 23809
Status: rejected
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: matt.lawrence [...] virgin.net
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)



Subject: Setting "expires" to 0 to clear cookie results in the cookie being set to expire "now"
When attempting to clear a cookie by setting the expiry time to the epoch, CGI::Util interprets 0 as being an offset rather than an absolute value. This behaviour seems counter-intuitive since all other integers are interpreted absolutely. I've attached a patch for code and tests.
Subject: CGI-3.25.patch
Index: CGI/Util.pm =================================================================== --- CGI/Util.pm (.../branches/cpan) (revision 524) +++ CGI/Util.pm (.../trunk) (revision 527) @@ -257,7 +257,7 @@ # If you don't supply one of these forms, we assume you are # specifying the date yourself my($offset); - if (!$time || (lc($time) eq 'now')) { + if (!defined($time) || !length($time) || (lc($time) eq 'now')) { $offset = 0; } elsif ($time=~/^\d+/) { return $time; Index: t/cookie.t =================================================================== --- t/cookie.t (.../branches/cpan) (revision 524) +++ t/cookie.t (.../trunk) (revision 527) @@ -7,7 +7,7 @@ # ensure the blib's are in @INC, else we might use the core CGI.pm use lib qw(blib/lib blib/arch); -use Test::More tests => 96; +use Test::More tests => 97; use CGI::Util qw(escape unescape); use POSIX qw(strftime); @@ -166,6 +166,13 @@ is($c->path, '/', 'path atribute is set to default'); ok(!defined $c->secure , 'secure attribute is set'); + $c = CGI::Cookie->new( + -name => 'quux', + -value => 'quuux', + -expires => 0, + ); + like($c->expires, qr(^Thu, 01-Jan-1970), "Setting expiry to the epoch is allowed"); + # I'm really not happy about the restults of this section. You pass # the new method invalid arguments and it just merilly creates a # broken object :-)
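Review bot: In the CGI/Util.pm hunk (@@ -257,7 +257,7 @@), the rewritten condition `!defined($time) || !length($time) || (lc($time) eq 'now')` changes what an existing caller gets for 0: it no longer reaches `$offset = 0` but falls through to the `$time=~/^\d+/` branch and is returned unchanged, so code that passed 0 to mean "now" silently gets the epoch instead. The comment above the condition ("If you don't supply one of these forms, we assume you are specifying the date yourself") should state that a bare integer, 0 included, is taken as an absolute time and in which unit, and the patch should carry a matching documentation change, since it touches only CGI/Util.pm and t/cookie.t.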
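Review bot: In the t/cookie.t hunk at @@ -166,6 +166,13 @@, the only new assertion covers `-expires => 0`; nothing pins down the inputs that the rewritten condition still routes to `$offset = 0` (undef, the empty string and 'now'), nor the string '0'. Add cases for those so the boundary between "offset" and "absolute" is fixed by tests, and consider matching the time of day as well, since `qr(^Thu, 01-Jan-1970)` checks only the date prefix.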
On Tue Dec 05 11:08:34 2006, MATTLAW wrote:
> When attempting to clear a cookie by setting the expiry time to the
> epoch, CGI::Util interprets 0 as being an offset rather than an absolute
> value. This behaviour seems counter-intuitive since all other integers
> are interpreted absolutely.
>
> I've attached a patch for code and tests.

Thanks for the report, code and tests.

One piece not covered here was the relationship with the documentation. The documentation does not list providing a bare integer as a valid time format option, and I'm not in favor of officially starting to support it, since it's not clear what the units are.

In particular, "expires => 0" looks to me like it might mean "never expires". I think the current behavior is reasonable, where it means that the cookie "expires in zero seconds". The documentation provides a clear recommended example of how to expire a cookie: "expires => '-1d'".

I'm marking this change request as "rejected" now, although it's possible to reply to the ticket to re-open it for further discussion.

Mark
Subject: Re: [rt.cpan.org #23809] Setting "expires" to 0 to clear cookie results in the cookie being set to expire "now"
Date: Thu, 23 Jul 2009 09:46:32 +0100
From: Matt Lawrence <matt.lawrence [...] virgin.net>
MARKSTOS via RT wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=23809 >
>
> On Tue Dec 05 11:08:34 2006, MATTLAW wrote:
>
>> When attempting to clear a cookie by setting the expiry time to the
>> epoch, CGI::Util interprets 0 as being an offset rather than an absolute
>> value. This behaviour seems counter-intuitive since all other integers
>> are interpreted absolutely.
>>
>> I've attached a patch for code and tests.
>>
>
> Thanks for the report, code and tests.
>
> One piece not covered here was the relationship with the documentation.
> The documentation does not list providing a bare integer as a valid time
> format option, and I'm not in favor of officially starting to support
> it, since it's not clear what the units are.
>
> In particular, "expires => 0" looks to me like it might mean "never
> expires". I think the current behavior is reasonable, where it means
> that the cookie "expires in zero seconds". The documentation provides a
> clear recommended example of how to expire a cookie: "expires => '-1d'".
>
> I'm marking this change request as "rejected" now, although it's
> possible to reply to the ticket to re-open it for further discussion.
>
>
Fair enough. It's a while ago now, but I think the reason I raised the bug was that some Catalyst plugin or other was using expires => 0 to expire a cookie instantly, but this was failing on IE, because it doesn't (didn't?) notice discrepancies between client and server times. I think I ended up patching the code in question to use 1 instead of 0.
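
A check that a logout or session-teardown path can run on the value it passes to `-expires`, added here as an example (not code from the ticket or from CGI.pm): it uses the `CGI::Cookie->new` and `->expires` calls seen in the patch's test and treats a cookie as cleared only if its expiry lies at least a margin in the past, which is the clock-skew concern raised in this thread. The helper names, the cookie name and the 300-second margin are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Cookie;
use Time::Local qw(timegm);

my %MONTH = (Jan => 0, Feb => 1, Mar => 2, Apr => 3, May => 4, Jun => 5,
             Jul => 6, Aug => 7, Sep => 8, Oct => 9, Nov => 10, Dec => 11);

# Turn the string returned by CGI::Cookie->expires into epoch seconds.
# Accepts "Thu, 01-Jan-1970 00:00:00 GMT" (the form the ticket's test
# matches) and the same date written with spaces instead of dashes.
sub expires_epoch {
    my ($str) = @_;
    return unless defined $str;
    my ($d, $mon, $y, $h, $m, $s) = $str =~
        /^\w{3}, (\d{2})[- ]([A-Za-z]{3})[- ](\d{4}) (\d{2}):(\d{2}):(\d{2}) GMT$/
        or return;
    return unless exists $MONTH{$mon};
    return timegm($s, $m, $h, $d, $MONTH{$mon}, $y);
}

# Hypothetical helper: true only if a cookie built with this -expires value
# expires at least $margin seconds before $now, so a client whose clock runs
# behind the server by less than $margin still discards it.
sub clears_reliably {
    my ($expires_arg, $margin, $now) = @_;
    my $c = CGI::Cookie->new(
        -name    => 'session',      # constructed cookie name
        -value   => 'deleted',
        -expires => $expires_arg,
    );
    return 0 unless defined $c;
    my $t = expires_epoch(scalar $c->expires);
    return 0 unless defined $t;     # unparsable or missing expiry: fail closed
    return $t <= $now - $margin ? 1 : 0;
}

my $now    = time;
my $margin = 300;                   # assumed tolerated clock skew, in seconds
for my $arg (0, 1, 'now', '-1d') {
    printf "-expires => %-6s %s\n", "'$arg'",
        clears_reliably($arg, $margin, $now)
            ? 'expiry is safely in the past'
            : 'expiry is NOT safely in the past';
}
```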