Cookies with 2-digit years in their expires value
|Reported by:||Owned by:|
Cloudflare sets a cookie called
__cfduid. It sets the cookie expiry date using a date of the format
Sat, 01-Aug-20 13:20:55 GMT, with only a 2-digit year. This is bad for obvious reasons.
The reason I am reporting this here is that Cloudflare support responded as follows:
Our engineering team would like to fix this, but the work involved would be quite expensive due to the complex architecture of our nginx server stack. In addition, we've traced this down to nginx code generating the date format incorrectly, so we believe any nginx webserver will have the same problem. For these reasons, we will not be pursuing a fix at this time."
So Cloudflare claim this is an nginx bug. If this is true then it should be fixed. If it is not true then I will follow up with them instead.