Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 23809
Status: rejected
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: matt.lawrence [...] virgin.net
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)



Subject: Setting "expires" to 0 to clear cookie results in the cookie being set to expire "now"
Download (untitled) / with headers
text/plain 282b
When attempting to clear a cookie by setting the expiry time to the epoch, CGI::Util interprets 0 as being an offset rather than an absolute value. This behaviour seems counter-intuitive since all other integers are interpreted absolutely. I've attached a patch for code and tests.
Subject: CGI-3.25.patch
Download CGI-3.25.patch
text/x-diff 1.3k
Index: CGI/Util.pm =================================================================== --- CGI/Util.pm (.../branches/cpan) (revision 524) +++ CGI/Util.pm (.../trunk) (revision 527) @@ -257,7 +257,7 @@ # If you don't supply one of these forms, we assume you are # specifying the date yourself my($offset); - if (!$time || (lc($time) eq 'now')) { + if (!defined($time) || !length($time) || (lc($time) eq 'now')) { $offset = 0; } elsif ($time=~/^\d+/) { return $time; Index: t/cookie.t =================================================================== --- t/cookie.t (.../branches/cpan) (revision 524) +++ t/cookie.t (.../trunk) (revision 527) @@ -7,7 +7,7 @@ # ensure the blib's are in @INC, else we might use the core CGI.pm use lib qw(blib/lib blib/arch); -use Test::More tests => 96; +use Test::More tests => 97; use CGI::Util qw(escape unescape); use POSIX qw(strftime); @@ -166,6 +166,13 @@ is($c->path, '/', 'path atribute is set to default'); ok(!defined $c->secure , 'secure attribute is set'); + $c = CGI::Cookie->new( + -name => 'quux', + -value => 'quuux', + -expires => 0, + ); + like($c->expires, qr(^Thu, 01-Jan-1970), "Setting expiry to the epoch is allowed"); + # I'm really not happy about the restults of this section. You pass # the new method invalid arguments and it just merilly creates a # broken object :-)
On Tue Dec 05 11:08:34 2006, MATTLAW wrote: Show quoted text
> When attempting to clear a cookie by setting the expiry time to the > epoch, CGI::Util interprets 0 as being an offset rather than an absolute > value. This behaviour seems counter-intuitive since all other integers > are interpreted absolutely. > > I've attached a patch for code and tests.
Thanks for the report, code and tests. One piece not covered here was the relationship with the documentation. The documentation does not list providing a bare integer as a valid time format option, and I'm not in favor of officially starting to support it, since it's not clear what the units are. In particular, "expires => 0" looks to me like it might mean "never expires". I think the current behavior is reasonable, where it means that the cookie "expires in zero seconds". The documentation provides a clear recommended example of how to expire a cookie: "expires => '-1d'". I'm marking this change request as "rejected" now, although it's possible to reply to the ticket to re-open it for further discussion. Mark
Subject: Re: [rt.cpan.org #23809] Setting "expires" to 0 to clear cookie results in the cookie being set to expire "now"
Date: Thu, 23 Jul 2009 09:46:32 +0100
To: bug-CGI.pm [...] rt.cpan.org
From: Matt Lawrence <matt.lawrence [...] virgin.net>
Download (untitled) / with headers
text/plain 1.5k
MARKSTOS via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=23809 > > > On Tue Dec 05 11:08:34 2006, MATTLAW wrote: >
>> When attempting to clear a cookie by setting the expiry time to the >> epoch, CGI::Util interprets 0 as being an offset rather than an absolute >> value. This behaviour seems counter-intuitive since all other integers >> are interpreted absolutely. >> >> I've attached a patch for code and tests. >>
> > Thanks for the report, code and tests. > > One piece not covered here was the relationship with the documentation. > The documentation does not list providing a bare integer as a valid time > format option, and I'm not in favor of officially starting to support > it, since it's not clear what the units are. > > In particular, "expires => 0" looks to me like it might mean "never > expires". I think the current behavior is reasonable, where it means > that the cookie "expires in zero seconds". The documentation provides a > clear recommended example of how to expire a cookie: "expires => '-1d'". > > I'm marking this change request as "rejected" now, although it's > possible to reply to the ticket to re-open it for further discussion. > >
Fair enough. It's a while ago now, but I think the reason I raised the bug was that some Catalyst plugin or other was using expires => 0 to expire a cookie instantly, but this was failing on IE, because it doesn't (didn't?) notice discrepancies between client and server times. I think I ended up patching the code in question to use 1 instead of 0.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.