-
Bug
-
Resolution: Unresolved
-
P4
-
None
-
11
-
x86
-
os_x
A DESCRIPTION OF THE PROBLEM :
Hi there,
Currently, class java.net.HttpCookie only recognises Cookie expire time if its timezone is in GMT. However, RFC doesn't state that this timezone must be GMT. And it fact, many servers use different timezone which makes hard to use the class in the real-world application
i.e. for the following cookie (given by a real server) the "expires" field will not be parsed properly
staff_csrf=fd5136abd5f52d62d12d838f; expires=Sat, 11-Jul-2020 19:19:08 UTC; path=/; domain=.staffpass.abc; secure; HttpOnly; SameSite=Strict
CUSTOMER SUBMITTED WORKAROUND :
Create own CookieManager and fix-up timestamp before passing it into parser
FREQUENCY : always
Hi there,
Currently, class java.net.HttpCookie only recognises Cookie expire time if its timezone is in GMT. However, RFC doesn't state that this timezone must be GMT. And it fact, many servers use different timezone which makes hard to use the class in the real-world application
i.e. for the following cookie (given by a real server) the "expires" field will not be parsed properly
staff_csrf=fd5136abd5f52d62d12d838f; expires=Sat, 11-Jul-2020 19:19:08 UTC; path=/; domain=.staffpass.abc; secure; HttpOnly; SameSite=Strict
CUSTOMER SUBMITTED WORKAROUND :
Create own CookieManager and fix-up timestamp before passing it into parser
FREQUENCY : always