Issue #516 resolved

Sessionfilter doesn't format properly the cookie date field "Expires" if the locale is not 'C'

Anonymous created an issue

In a cookie, the "Expires" field must be a date formatted as RFC2822. But the sessionfilter module usese time.strftime to do the formatting, and the abbreviated weekday and month depend on the locale selected.

So if you don't have the default 'C' locale (or an English one) the Expires field of the cookie is badly formatted and some browsers (notably Firefox) ignore the cookie silently, thus avoiding the establishment of a session.

Attached is a patch to fix the sessionfilter, one against the 2.2.1 version and another against the latest trunk (r1091). Note that the supposedly unnecessary deflocale = locale.setdefault(...) is required for proper operation in Windows; in my Windows system the code:

locale.setdefault(locale.LC_ALL, locale.getdefault(locale.LC_ALL))

fails, and the only solution is to use the second locale.setdefault() call just in case.

Kind regards,

Raul Garcia.

Reported by raul.garciagarcia@gmail.com

Comments (3)

  1. Anonymous

    The fix in [1174] is not actually correct. The date format for expires should not be RFC 2822, but a Netscape custom format. See 10.1.2 of http://rfc.net/rfc2109.html

    Browsers do seem to handle the RFC 2822 date ok though, so it's probably not worth re-opening the ticket.

  2. Log in to comment