Opened 2 months ago

Closed 2 months ago

#1828 closed defect (duplicate)

Cookies with 2-digit years in their expires value

Reported by: jribbens@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.17.x
Keywords: Cc:
uname -a: unknown
nginx -V: unknown

Description

Cloudflare sets a cookie called __cfduid. It sets the cookie expiry date using a date of the format Sat, 01-Aug-20 13:20:55 GMT, with only a 2-digit year. This is bad for obvious reasons.

The reason I am reporting this here is that Cloudflare support responded as follows:

Our engineering team would like to fix this, but the work involved would be quite expensive due to the complex architecture of our nginx server stack. In addition, we've traced this down to nginx code generating the date format incorrectly, so we believe any nginx webserver will have the same problem. For these reasons, we will not be pursuing a fix at this time."

So Cloudflare claim this is an nginx bug. If this is true then it should be fixed. If it is not true then I will follow up with them instead.

Change History (1)

comment:1 Changed 2 months ago by mdounin

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #85.

Note: See TracTickets for help on using tickets.