Opened 5 years ago

Closed 5 years ago

#1828 closed defect (duplicate)

Cookies with 2-digit years in their expires value

Reported by: jribbens@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.17.x
Keywords: Cc:
uname -a: unknown
nginx -V: unknown


Cloudflare sets a cookie called __cfduid. It sets the cookie expiry date using a date of the format Sat, 01-Aug-20 13:20:55 GMT, with only a 2-digit year. This is bad for obvious reasons.

The reason I am reporting this here is that Cloudflare support responded as follows:

Our engineering team would like to fix this, but the work involved would be quite expensive due to the complex architecture of our nginx server stack. In addition, we've traced this down to nginx code generating the date format incorrectly, so we believe any nginx webserver will have the same problem. For these reasons, we will not be pursuing a fix at this time."

So Cloudflare claim this is an nginx bug. If this is true then it should be fixed. If it is not true then I will follow up with them instead.

Change History (1)

comment:1 by Maxim Dounin, 5 years ago

Resolution: duplicate
Status: newclosed

Duplicate of #85.

Note: See TracTickets for help on using tickets.