Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Handling unparsable Expires Cookie values

See original GitHub issue

Hello all,

Looking at the issue #563 and the comment made by @martingith regarding a desire to handle Expires=0 made me look back the section of the Cookie spec relating to handling of Expires attribute

https://tools.ietf.org/html/rfc6265#section-5.2.1

The third paragraph of the section says that if the attribute value is NOT parsable into a valid value that it should be ignored. This means that we should NOT throw a (confusing) “can not be null” exception and stop the response processing

So I propose that the code of the CookieMatcher.groovy be adjusted as follows

          } else if(equalsIgnoreCase(name, EXPIRES)) {
             value = trim(StringUtils.remove(value, "\""))
             Date parsedDate = DateUtils.parseDate(value)
	     if (parsedDate != null) {
                builder.setExpiryDate(parsedDate)
             } else {
               log.info("Ignoring the following unparsable 'Expires' attribute value: " + value)
             }
          }

Note: the logging of the bad value is optional (but helpful) the important item is to avoid the setting of the ExpiryDate on the Builder, when the date is not parsable, thereby avoiding the exception.

And apologizes in advance for not being able to do the change/PR myself. I am still working through my company process for participating in OSS on company time.

Issue Analytics

State:
Created 6 years ago
Comments:5

Top GitHub Comments

2reactions

johanhalebycommented, May 5, 2017

ok, I’ll add a log statement for now with the condition that it may be removed in the future.

0reactions

ninjubohracommented, May 3, 2017

As for “should we log” I am changing my mind on it…

I think logging in this situation is relevant because it lets the user know that we encountered (and are ignoring) some data that was received in the response. I don’t expect this condition to occur frequently but I (personally) would like to know when it did occur in case of where I am building a service and I don’t realize that my cookie expires attribute value is not spec-compliant (so that I can fix it 😃)